Apache Flink CDC, Apache Flink CDC, Apache Flink CDC, Apache...

5.1 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/R:U/V:C/RE:L/U:Amber

Description

Apache Flink CDC version 3.4.0 was vulnerable to a SQL injection via maliciously crafted identifiers eg. crafted database name or crafted table name. Even through only the logged-in database user can trigger the attack, we recommend users update Flink CDC version to 3.5.0 which address this issue.

Basic Information

ID CVE-2025-62228

Source apache

Published Oct 9, 2025 at 13:15

Affected Product

Vendor Apache Software Foundation

Product Apache Flink CDC

Version 3.0.0

Affected Versions Apache Software Foundation Apache Flink CDC 3.0.0
Apache Software Foundation Apache Flink CDC 3.0.0
Apache Software Foundation Apache Flink CDC 3.0.0
Apache Software Foundation Apache Flink CDC 3.0.0
Apache Software Foundation Apache Flink CDC 3.3.0

CWE Classification

CWE-89

References

lists.apache.org /thread/3dn0hc1wbc5sj0jbgdg33gtnwlw7qrl3

{
    "lastseen": "",
    "description": "Apache Flink CDC version 3.4.0 was vulnerable to a SQL injection via maliciously crafted identifiers eg. crafted database name or crafted table name. Even through only the logged-in database user can trigger the attack, we recommend users update Flink CDC version to 3.5.0 which address this issue.",
    "published": "2025-10-09T13:15:49.761Z",
    "modified": "2025-10-09T13:15:49.761Z",
    "type": "cve",
    "title": "Apache Flink CDC, Apache Flink CDC, Apache Flink CDC, Apache Flink CDC, Apache Flink CDC: SQL injection via maliciously crafted identifiers",
    "source": "apache",
    "references": "https://lists.apache.org/thread/3dn0hc1wbc5sj0jbgdg33gtnwlw7qrl3",
    "id": "CVE-2025-62228",
    "bulletinFamily": "",
    "cwe": [
        "CWE-89"
    ],
    "cvelist": null,
    "sourceData": "Apache Software Foundation Apache Flink CDC 3.0.0\nApache Software Foundation Apache Flink CDC 3.0.0\nApache Software Foundation Apache Flink CDC 3.0.0\nApache Software Foundation Apache Flink CDC 3.0.0\nApache Software Foundation Apache Flink CDC 3.3.0",
    "sourceHref": "",
    "cvss": {
        "score": 5.1,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/R:U/V:C/RE:L/U:Amber",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Apache Flink CDC",
    "version": "3.0.0",
    "vendor": "Apache Software Foundation",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Apache Flink CDC, Apache Flink CDC, Apache Flink CDC, Apache Flink CDC, Apache Flink CDC: SQL injection via maliciously crafted identifiers_CVE-2025-62228