Files Accessible to External Parties in Apache Kylin by Apache
CVE-2025-61734

Currently unrated

Key Information:

Vendor: Apache
Status: Apache Kylin
Vendor: CVE Published:; 2 October 2025

What is CVE-2025-61734?

The vulnerability in Apache Kylin allows unauthorized access to files or directories, potentially exposing sensitive data to external parties. This affects all versions of Kylin from 4.0.0 through 5.0.2. Securing admin access is crucial to mitigating this issue. Users are urged to upgrade to version 5.0.3 to address this vulnerability and enhance their data security.

Affected Version(s)

Apache Kylin 4.0.0 <= 5.0.2

References

https://lists.apache.org/thread/z705g7sn3g0bkchlqbo1hz1ty...

vendor-advisory

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 2, 2025
Vulnerability Reserved
Sep 30, 2025

Credit

liuhuajin <[email protected]>

JSON