QwikSec

Security Database

CVE

CWE

Training

CVE-2025-27528

Published: May 28, 2025

Modified: May 28, 2025

PUBLISHED

Description

Deserialization of Untrusted Data vulnerability in Apache InLong. This issue affects Apache InLong: from 1.13.0 through 2.1.0. This vulnerability allows attackers to bypass the security mechanisms of InLong JDBC and leads to arbitrary file reading. Users are advised to upgrade to Apache InLong's 2.2.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/11747

Vendor	Product	Versions
Apache Software Foundation	Apache InLong	affected `1.13.0 - <= 2.1.0`

Weaknesses (CWE)

References

https://lists.apache.org/thread/b807rqzgyv4qgvxw3nhkq8tl6g90gqgj

vendor-advisory

https://github.com/apache/inlong/pull/11747

patch

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.