Deserialization Vulnerability in Apache InLong Affects Multiple Versions
CVE-2025-27522

6.5MEDIUM

Key Information:

Vendor: Apache
Status: Apache Inlong
Vendor: CVE Published:; 28 May 2025

🔔 Create Apache Vulnerability Alert

Badges

👾 Exploit Exists📰 News Worthy

What is CVE-2025-27522?

A deserialization of untrusted data vulnerability exists in Apache InLong versions 1.13.0 through 2.1.0, allowing potential exploitation that could lead to security breaches. This issue is identified as a secondary mining bypass related to a previously identified vulnerability. Users are strongly encouraged to upgrade to Apache InLong version 2.2.0 or apply the necessary patches to mitigate this risk effectively.

Affected Version(s)

Apache InLong 1.13.0 <= 2.1.0

News Articles

The Cyber Express

Apache InLong CVE-2025-27522 Exposes RCE Attacks

CVE-2025-27522 affects Apache InLong 1.13.0–2.1.0, enabling remote code execution via unsafe deserialization.

4 weeks ago

thmubnail image

References

https://lists.apache.org/thread/s4dnmq3gwcjocxf85qk190knl...

vendor-advisory

https://github.com/apache/inlong/pull/11732

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
May 30, 2025
📰
First article discovered by The Cyber Express
May 30, 2025
Vulnerability published
May 28, 2025
Vulnerability Reserved
Feb 27, 2025

Credit

yulate

m4x

.