Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2025-66518

Any client who can access to Apache Kyuubi Server via Kyuubi frontend protocols can bypass server-side config kyuubi.session.local.dir.allow.list and use local files which are not listed in the config. This issue affects Apache Kyuubi: from 1.6.0 through 1.10.2. Users are recommended to upgrade to version 1.10.3 or upper, which fixes the issue.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 6.0%
CVSS Severity
CVSS v3 Score 8.8
Products affected by CVE-2025-66518
  • Apache » Kyuubi » Version: 1.10.0
    cpe:2.3:a:apache:kyuubi:1.10.0
  • Apache » Kyuubi » Version: 1.10.1
    cpe:2.3:a:apache:kyuubi:1.10.1
  • Apache » Kyuubi » Version: 1.10.2
    cpe:2.3:a:apache:kyuubi:1.10.2
  • Apache » Kyuubi » Version: 1.6.0
    cpe:2.3:a:apache:kyuubi:1.6.0
  • Apache » Kyuubi » Version: 1.6.1
    cpe:2.3:a:apache:kyuubi:1.6.1
  • Apache » Kyuubi » Version: 1.7.0
    cpe:2.3:a:apache:kyuubi:1.7.0
  • Apache » Kyuubi » Version: 1.7.1
    cpe:2.3:a:apache:kyuubi:1.7.1
  • Apache » Kyuubi » Version: 1.7.2
    cpe:2.3:a:apache:kyuubi:1.7.2
  • Apache » Kyuubi » Version: 1.7.3
    cpe:2.3:a:apache:kyuubi:1.7.3
  • Apache » Kyuubi » Version: 1.7.4
    cpe:2.3:a:apache:kyuubi:1.7.4
  • Apache » Kyuubi » Version: 1.8.0
    cpe:2.3:a:apache:kyuubi:1.8.0
  • Apache » Kyuubi » Version: 1.8.1
    cpe:2.3:a:apache:kyuubi:1.8.1
  • Apache » Kyuubi » Version: 1.8.2
    cpe:2.3:a:apache:kyuubi:1.8.2
  • Apache » Kyuubi » Version: 1.8.3
    cpe:2.3:a:apache:kyuubi:1.8.3
  • Apache » Kyuubi » Version: 1.9.0
    cpe:2.3:a:apache:kyuubi:1.9.0
  • Apache » Kyuubi » Version: 1.9.1
    cpe:2.3:a:apache:kyuubi:1.9.1
  • Apache » Kyuubi » Version: 1.9.2
    cpe:2.3:a:apache:kyuubi:1.9.2
  • Apache » Kyuubi » Version: 1.9.3
    cpe:2.3:a:apache:kyuubi:1.9.3
  • Apache » Kyuubi » Version: 1.9.4
    cpe:2.3:a:apache:kyuubi:1.9.4


Products
Pricing
Contact Us

Shodan ® - All rights reserved