
We found results for “”
CVE-2025-32896
Good to know:


Date: June 19, 2025
An Unauthenticated insecure access vulnerability in Apache SeaTunnel up to 2.3.10 .Unauthorized users can access `/hazelcast/rest/maps/submit-job` to submit job. This allows an attacker to set extra params in mysql url to perform Arbitrary File Read and Deserialization attack.
Severity Score
Related Resources (8)
Severity Score
Weakness Type (CWE)
Top Fix

Upgrade Version
Upgrade to version org.apache.seatunnel:seatunnel-engine-server:2.3.11;org.apache.seatunnel:seatunnel-engine-common:2.3.11
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | LOW |
Integrity (I): | LOW |
Availability (A): | LOW |