Vulnerability Details CVE-2025-27528
Deserialization of Untrusted Data vulnerability in Apache InLong.
This issue affects Apache InLong: from 1.13.0 through 2.1.0.
This
vulnerability allows attackers to bypass the security mechanisms of InLong
JDBC and leads to arbitrary file reading. Users are advised to upgrade to Apache InLong's 2.2.0 or cherry-pick [1] to solve it.
[1] https://github.com/apache/inlong/pull/11747
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 30.0%
CVSS Severity
CVSS v3 Score 9.1
References