CVE-2025-61735

high

Description

Server-Side Request Forgery (SSRF) vulnerability in Apache Kylin. This issue affects Apache Kylin: from 4.0.0 through 5.0.2. You are fine as long as the Kylin's system and project admin access is well protected. Users are recommended to upgrade to version 5.0.3, which fixes the issue.

References

https://lists.apache.org/thread/yscobmx869zvprsykb94r24jtmb58ckh

http://www.openwall.com/lists/oss-security/2025/09/30/9

Details

Source: Mitre, NVD

Published: 2025-10-02

Updated: 2025-11-04

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 7.3

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Severity: High

EPSS

EPSS: 0.00017