Moderate severityNVD Advisory· Published May 28, 2025· Updated May 28, 2025
Apache InLong: JDBC Vulnerability for Invisible Character Bypass Leading to Arbitrary File Read
CVE-2025-27528
Description
Deserialization of Untrusted Data vulnerability in Apache InLong.
This issue affects Apache InLong: from 1.13.0 through 2.1.0.
This vulnerability allows attackers to bypass the security mechanisms of InLong JDBC and leads to arbitrary file reading. Users are advised to upgrade to Apache InLong's 2.2.0 or cherry-pick [1] to solve it.
[1] https://github.com/apache/inlong/pull/11747
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.apache.inlong:manager-pojoMaven | >= 1.13.0, < 2.2.0 | 2.2.0 |
Affected products
2Patches
Vulnerability mechanics
References
5- github.com/apache/inlong/pull/11747ghsapatchWEB
- github.com/advisories/GHSA-98v7-xxxv-hcrhghsaADVISORY
- lists.apache.org/thread/b807rqzgyv4qgvxw3nhkq8tl6g90gqgjghsavendor-advisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2025-27528ghsaADVISORY
- www.openwall.com/lists/oss-security/2025/05/28/3ghsaWEB
News mentions
0No linked articles in our index yet.