CVE-2025-27531 · CRITICAL 9.8 · EPSS p42.9%

Description

Deserialization of Untrusted Data vulnerability in Apache InLong. This issue affects Apache InLong from 1.13.0 before 2.1.0. It would allow an authenticated attacker to read arbitrary files by double writing the param. Users are recommended to upgrade to version 2.1.0, which fixes the issue.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.58% probability of exploitation · percentile 42.9% · 2026-06-18T12:00:27Z
Published: 2025-06-06
Last modified: 2025-06-23

Underlying weaknesses · 1

CWE-502

References

  1. https://lists.apache.org/thread/r62lkqrr739wvcb60j6ql6q63rh4bxx5
  2. http://www.openwall.com/lists/oss-security/2025/02/28/2

Type | Target | Confidence | Tier
Weakness | Deserialization of Untrusted Data (cwe-502) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-27528
  2. CVE-2026-6857
  3. CVE-2025-62035
  4. CVE-2025-53606
  5. CVE-2025-30065
  6. CVE-2026-36501

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.