CVE-2025-61735

Apache Kylin: Server-Side Request Forgery

CVSS 7.3 HIGHEPSS 0.5%CWE-918

Vexday Risk Score

21Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 7.3EPSS 0.5%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Ciclo de vida

02 oct 2025Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

Server-Side Request Forgery (SSRF) vulnerability in Apache Kylin. This issue affects Apache Kylin: from 4.0.0 through 5.0.2. You are fine as long as the Kylin's system and project admin access is well protected. Users are recommended to upgrade to version 5.0.3, which fixes the issue.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Productos afectados

Apache Software Foundation · Apache Kylin

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://lists.apache.org/thread/yscobmx869zvprsykb94r24jtmb58ckh http://www.openwall.com/lists/oss-security/2025/09/30/9