Deserialization Vulnerability in Apache InLong Affects Multiple Versions
CVE-2025-27522

6.5 MEDIUM

Key Information:

Vendor: Apache

CVE Published: 28 May 2025

Badges

👾 Exploit Exists
📰 News Worthy

What is CVE-2025-27522?

Apache InLong versions 1.13.0 through 2.1.0 contain a deserialization of untrusted data vulnerability that could be exploited to compromise affected deployments. The issue is a secondary mining bypass of a previously identified vulnerability. Users are strongly encouraged to upgrade to Apache InLong version 2.2.0 or apply the necessary patches to mitigate this risk.

Affected Version(s)

Apache InLong 1.13.0 through 2.1.0

News Articles

Apache InLong CVE-2025-27522 Exposes RCE Attacks

CVE-2025-27522 affects Apache InLong 1.13.0–2.1.0, enabling remote code execution via unsafe deserialization.

Apache InLong JDBC Vulnerability Enables Deserialization of Untrusted Data

The flaw, affecting versions 1.13.0 through 2.1.0, centers on the deserialization of untrusted data during JDBC verification processing.

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • 👾 Exploit known to exist

  • 📰 First article discovered by GBHackers News

  • Vulnerability published

  • Vulnerability Reserved

Credit

yulate
m4x