Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-27531

Deserialization of Untrusted Data vulnerability in Apache InLong. This issue affects Apache InLong: from 1.13.0 before 2.1.0, this issue would allow an authenticated attacker to read arbitrary files by double writing the param. Users are recommended to upgrade to version 2.1.0, which fixes the issue.

Published

2025-06-06T15:15:23.883

Last Modified

2025-06-23T14:24:00.320

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

Weaknesses

Type: Secondary
CWE-502

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	apache	inlong	< 2.1.0	Yes

References

https://lists.apache.org/thread/r62lkqrr739wvcb60j6ql6q63rh4bxx5 Vendor Advisory, Mailing List ([email protected])
http://www.openwall.com/lists/oss-security/2025/02/28/2 Mailing List, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)