CVE-2025-27528 – Apache InLong Deserialization of Untrusted Data Remote File Read Vulnerability

CVE ID : CVE-2025-27528

Published : May 28, 2025, 8:15 a.m. | 1 hour, 27 minutes ago

Description : Deserialization of Untrusted Data vulnerability in Apache InLong.

This issue affects Apache InLong: from 1.13.0 through 2.1.0.

This
vulnerability allows attackers to bypass the security mechanisms of InLong
JDBC and leads to arbitrary file reading. Users are advised to upgrade to Apache InLong’s 2.2.0 or cherry-pick [1] to solve it.

[1] https://github.com/apache/inlong/pull/11747

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…