icon

We found results for “

CVE-2025-32896

Good to know:

icon
icon

Date: June 19, 2025

An Unauthenticated insecure access vulnerability in Apache SeaTunnel up to 2.3.10 .Unauthorized users can access `/hazelcast/rest/maps/submit-job` to submit job. This allows an attacker to set extra params in mysql url to perform Arbitrary File Read and Deserialization attack.

Severity Score

Severity Score

Weakness Type (CWE)

Improper Authorization

CWE-285

Missing Authentication for Critical Function

CWE-306

Top Fix

icon

Upgrade Version

Upgrade to version org.apache.seatunnel:seatunnel-engine-server:2.3.11;org.apache.seatunnel:seatunnel-engine-common:2.3.11

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): LOW
Integrity (I): LOW
Availability (A): LOW

Do you need more information?

Contact Us