Directory Traversal Vulnerability in Cloudera Hue by Cloudera
CVE-2025-3884

7.5HIGH

Key Information:

Vendor

Cloudera

Status
Hue
Vendor
CVE Published:
22 May 2025

What is CVE-2025-3884?

A directory traversal vulnerability exists within the Ace Editor web application in Cloudera Hue, allowing unauthorized remote attackers to access sensitive information. The flaw arises from inadequate validation of user-supplied paths, which, when exploited, can lead to the disclosure of files in the context of the service account. This vulnerability poses significant security risks for organizations utilizing affected installations, as it may expose critical data without requiring any form of authentication.

Affected Version(s)

Hue 4.11.0

References

https://www.zerodayinitiative.com/advisories/ZDI-25-250/
x_research-advisory

CVSS V3.0

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

.