CVE-2025-27528 · CRITICAL 9.1 · EPSS p42.9%

Description

Deserialization of Untrusted Data vulnerability in Apache InLong. This issue affects Apache InLong from 1.13.0 through 2.1.0. The vulnerability allows attackers to bypass the security mechanisms of InLong JDBC and leads to arbitrary file reading. Users are advised to upgrade to Apache InLong 2.2.0 or cherry-pick [1] to solve it.

[1] https://github.com/apache/inlong/pull/11747

Scoring

CVSS 3.1: 9.1 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS: 0.58% probability of exploitation · percentile 42.9% · 2026-06-18T12:00:27Z
Published: 2025-05-28
Last modified: 2025-06-03

Underlying weaknesses · 1

CWE-502

References

  1. https://github.com/apache/inlong/pull/11747
  2. https://lists.apache.org/thread/b807rqzgyv4qgvxw3nhkq8tl6g90gqgj
  3. http://www.openwall.com/lists/oss-security/2025/05/28/3

| Type | Target | Confidence | Tier |
|---|---|---|---|
| Weakness | Deserialization of Untrusted Data (cwe-502) | 0% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-27531
  2. CVE-2026-6857
  3. CVE-2026-24015
  4. CVE-2025-52725
  5. CVE-2025-53606
  6. CVE-2026-24713

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.