Apache Kylin: Server-Side Request Forgery_CVE-2025-61735

7.3 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Description

Server-Side Request Forgery (SSRF) vulnerability in Apache Kylin.

This issue affects Apache Kylin: from 4.0.0 through 5.0.2. You are fine as long as the Kylin's system and project admin access is well protected.

Users are recommended to upgrade to version 5.0.3, which fixes the issue.

Basic Information

ID CVE-2025-61735

Source apache

Published Oct 2, 2025 at 09:47

Modified Oct 2, 2025 at 14:11

Affected Product

Vendor Apache Software Foundation

Product Apache Kylin

Version 4.0.0

Affected Versions Apache Software Foundation Apache Kylin 4.0.0

CWE Classification

CWE-918

References

lists.apache.org /thread/yscobmx869zvprsykb94r24jtmb58ckh

{
    "lastseen": "",
    "description": "Server-Side Request Forgery (SSRF) vulnerability in Apache Kylin.\n\nThis issue affects Apache Kylin: from 4.0.0 through 5.0.2.\u00a0You are fine as long as the Kylin's system and project admin access is well protected.\n\nUsers are recommended to upgrade to version 5.0.3, which fixes the issue.",
    "published": "2025-10-02T09:47:49.948Z",
    "modified": "2025-10-02T14:11:22.684Z",
    "type": "cve",
    "title": "Apache Kylin: Server-Side Request Forgery",
    "source": "apache",
    "references": "https://lists.apache.org/thread/yscobmx869zvprsykb94r24jtmb58ckh",
    "id": "CVE-2025-61735",
    "bulletinFamily": "",
    "cwe": [
        "CWE-918"
    ],
    "cvelist": null,
    "sourceData": "Apache Software Foundation Apache Kylin 4.0.0",
    "sourceHref": "",
    "cvss": {
        "score": 7.3,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Apache Kylin",
    "version": "4.0.0",
    "vendor": "Apache Software Foundation",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}