Deserialization of Untrusted Data Vulnerability in Apache InLong by Apache
CVE-2025-27526

6.5MEDIUM

Key Information:

Vendor

Apache

Vendor
CVE Published:
28 May 2025

What is CVE-2025-27526?

A deserialization of untrusted data vulnerability in Apache InLong allows attackers to potentially exploit JDBC vulnerabilities with URLEncdoe and backspace bypass. This affects all versions from 1.13.0 up to 2.1.0. To resolve this issue, users are encouraged to upgrade to version 2.2.0 or implement a patch available in the project's GitHub repository.

Affected Version(s)

Apache InLong 1.13 <= 2.1.0

References

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

yulate
m4x
h3h3qaq
.
CVE-2025-27526 : Deserialization of Untrusted Data Vulnerability in Apache InLong by Apache