Deserialization Vulnerability in Apache InLong Affects Multiple Versions
CVE-2025-27528
9.1CRITICAL
What is CVE-2025-27528?
A deserialization vulnerability in Apache InLong versions 1.13.0 through 2.1.0 enables attackers to bypass security mechanisms. This flaw can lead to unauthorized arbitrary file reading, posing a serious risk to data integrity and security. Users are urged to upgrade to Apache InLong version 2.2.0 or apply selected patches to eliminate the vulnerability.
Affected Version(s)
Apache InLong 1.13.0 <= 2.1.0