Files Accessible to External Parties in Apache Kylin by Apache
CVE-2025-61734
7.5 HIGH
What is CVE-2025-61734?
A vulnerability in Apache Kylin allows unauthorized access to files or directories, potentially exposing sensitive data to external parties. It affects all versions of Kylin from 4.0.0 through 5.0.2. Securing admin access is crucial to mitigating this issue. Users are urged to upgrade to version 5.0.3 to address this vulnerability.
Affected Version(s)
Apache Kylin 4.0.0 <= 5.0.2
CVSS V3.1
Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
liuhuajin