CVE-2025-30067

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-30067

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-30067.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-30067

Aliases

GHSA-29m8-wh9p-5wc4

Published

2025-03-27T15:16:02.033Z

Modified

2026-03-14T12:43:05.791859Z

Severity

7.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Kylin. If an attacker gets access to Kylin's system or project admin permission, the JDBC connection configuration maybe altered to execute arbitrary code from the remote. You are fine as long as the Kylin's system and project admin access is well protected.

This issue affects Apache Kylin: from 4.0.0 through 5.0.1.

Users are recommended to upgrade to version 5.0.2 or above, which fixes the issue.

References

Affected packages

Git / github.com/apache/kylin

Affected ranges

Type

GIT

Repo

https://github.com/apache/kylin

Events

Introduced

aa6d582c0a96fdf31e85791f86850cfc00a7644f

Fixed

6a63bd3581876566b55a104ac8dcda22e97504d9

Database specific

{
    "versions": [
        {
            "introduced": "4.0.0"
        },
        {
            "fixed": "5.0.2"
        }
    ]
}

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-30067.json"