Apache Kylin: improper restriction of file read_CVE-2025-61734

7.5 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Description

Files or Directories Accessible to External Parties vulnerability in Apache Kylin.
You are fine as long as the Kylin's system and project admin access is well protected.

This issue affects Apache Kylin: from 4.0.0 through 5.0.2.

Users are recommended to upgrade to version 5.0.3, which fixes the issue.

Basic Information

ID CVE-2025-61734

Source apache

Published Oct 2, 2025 at 09:47

Modified Oct 2, 2025 at 17:26

Affected Product

Vendor Apache Software Foundation

Product Apache Kylin

Version 4.0.0

Affected Versions Apache Software Foundation Apache Kylin 4.0.0

CWE Classification

CWE-552

References

lists.apache.org /thread/z705g7sn3g0bkchlqbo1hz1tyqorn4d2

{
    "lastseen": "",
    "description": "Files or Directories Accessible to External Parties vulnerability in Apache Kylin.\n You are fine as long as the Kylin's system and project admin access is well protected.\n\nThis issue affects Apache Kylin: from 4.0.0 through 5.0.2.\n\nUsers are recommended to upgrade to version 5.0.3, which fixes the issue.",
    "published": "2025-10-02T09:47:15.317Z",
    "modified": "2025-10-02T17:26:38.587Z",
    "type": "cve",
    "title": "Apache Kylin: improper restriction of file read",
    "source": "apache",
    "references": "https://lists.apache.org/thread/z705g7sn3g0bkchlqbo1hz1tyqorn4d2",
    "id": "CVE-2025-61734",
    "bulletinFamily": "",
    "cwe": [
        "CWE-552"
    ],
    "cvelist": null,
    "sourceData": "Apache Software Foundation Apache Kylin 4.0.0",
    "sourceHref": "",
    "cvss": {
        "score": 7.5,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Apache Kylin",
    "version": "4.0.0",
    "vendor": "Apache Software Foundation",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}