CVE-2025-61735

Apache Kylin: Server-Side Request Forgery

CVSS 7.3 HIGHEPSS 0.5%CWE-918

Vexday Risk Score

21Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 7.3EPSS 0.5%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Lifecycle

02 Oct 2025Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

Server-Side Request Forgery (SSRF) vulnerability in Apache Kylin. This issue affects Apache Kylin: from 4.0.0 through 5.0.2. You are fine as long as the Kylin's system and project admin access is well protected. Users are recommended to upgrade to version 5.0.3, which fixes the issue.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Affected products

Apache Software Foundation · Apache Kylin

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://lists.apache.org/thread/yscobmx869zvprsykb94r24jtmb58ckh http://www.openwall.com/lists/oss-security/2025/09/30/9