Home > Vulnerability Database > CVE-2025-30067

Mend.io Vulnerability Database

CVE-2025-30067

Good to know:

Date: March 27, 2025

Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Kylin. If an attacker gets access to Kylin's system or project admin permission, the JDBC connection configuration maybe altered to execute arbitrary code from the remote. You are fine as long as the Kylin's system and project admin access is well protected.

Severity Score

8.1

Related Resources (8)

Url: https://github.com/apache/kylin

Url: http://www.openwall.com/lists/oss-security/2025/03/27/4

Url: https://lists.apache.org/thread/6j19pt8yoqfphf1lprtrzoqkvz1gwbnc

Url: https://seclists.org/oss-sec/2025/q1/251

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-30067

Url: https://github.com/apache/kylin/commit/21d98f3ef29f71b50dacabbf039905f9f0f71b95

Url: https://issues.apache.org/jira/browse/KYLIN-5994

Url: https://www.mend.io/vulnerability-database/CVE-2025-30067

Severity Score

8.1

Weakness Type (CWE)

Improper Control of Generation of Code ('Code Injection')

CWE-94

Top Fix

Upgrade Version

Upgrade to version org.apache.kylin:kylin:5.0.2;https://github.com/apache/kylin.git - kylin-5.0.2

Learn More

CVSS v3.1

Base Score:	8.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-30067

Good to know:

Date: March 27, 2025

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?