Moderate severityNVD Advisory· Published Oct 9, 2025· Updated Nov 4, 2025
Apache Flink CDC, Apache Flink CDC, Apache Flink CDC, Apache Flink CDC, Apache Flink CDC: SQL injection via maliciously crafted identifiers
CVE-2025-62228
Description
Apache Flink CDC version 3.4.0 was vulnerable to a SQL injection via maliciously crafted identifiers eg. crafted database name or crafted table name. Even through only the logged-in database user can trigger the attack, we recommend users update Flink CDC version to 3.5.0 which address this issue.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.apache.flink:flink-cdc-pipeline-connectorsMaven | >= 3.0.0, < 3.5.0 | 3.5.0 |
org.apache.flink:flink-connector-oracle-cdcMaven | >= 3.0.0, < 3.5.0 | 3.5.0 |
org.apache.flink:flink-connector-db2-cdcMaven | >= 3.0.0, < 3.5.0 | 3.5.0 |
org.apache.flink:flink-connector-sqlserver-cdcMaven | >= 3.0.0, < 3.5.0 | 3.5.0 |
org.apache.flink:flink-connector-mysql-cdcMaven | >= 3.0.0, < 3.5.0 | 3.5.0 |
Affected products
6- ghsa-coords5 versionspkg:maven/org.apache.flink/flink-cdc-pipeline-connectorspkg:maven/org.apache.flink/flink-connector-db2-cdcpkg:maven/org.apache.flink/flink-connector-mysql-cdcpkg:maven/org.apache.flink/flink-connector-oracle-cdcpkg:maven/org.apache.flink/flink-connector-sqlserver-cdc
>= 3.0.0, < 3.5.0+ 4 more
- (no CPE)range: >= 3.0.0, < 3.5.0
- (no CPE)range: >= 3.0.0, < 3.5.0
- (no CPE)range: >= 3.0.0, < 3.5.0
- (no CPE)range: >= 3.0.0, < 3.5.0
- (no CPE)range: >= 3.0.0, < 3.5.0
- Apache Software Foundation/Apache Flink CDCv5Range: 3.3.0
Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-wqm3-w3p6-xjgmghsaADVISORY
- lists.apache.org/thread/3dn0hc1wbc5sj0jbgdg33gtnwlw7qrl3ghsavendor-advisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2025-62228ghsaADVISORY
- www.openwall.com/lists/oss-security/2025/10/09/2ghsaWEB
- github.com/apache/flink-cdc/commit/d5766187a9a4b191820e10238d4594ae665cdb89ghsaWEB
- github.com/apache/flink-cdc/pull/4123ghsaWEB
News mentions
0No linked articles in our index yet.