CVE-2025-32897
- Source
- https://cve.org/CVERecord?id=CVE-2025-32897
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-32897.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-32897
- Aliases
- Published
- 2025-06-28T19:15:21.917Z
- Modified
- 2026-04-12T15:15:02.080993Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Deserialization of Untrusted Data vulnerability in Apache Seata (incubating).
This security vulnerability is the same as CVE-2024-47552, but the version range described in the CVE-2024-47552 definition is too narrow. This issue affects Apache Seata (incubating): from 2.0.0 before 2.3.0.
Users are recommended to upgrade to version 2.3.0, which fixes the issue.
- References
Affected packages
Git / github.com/apache/incubator-seata
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-32897.json"
vanir_signatures_modified
"2026-04-12T15:15:02Z"
vanir_signatures
[
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 781.0,
"function_hash": "240067990988798984774333426527542216993"
},
"source": "https://github.com/apache/incubator-seata/commit/0ad2847465fa877a2c65ea84ed43f5b0984c3ce9",
"id": "CVE-2025-32897-07302aff",
"signature_type": "Function",
"target": {
"function": "onRollbackFailure",
"file": "compatible/src/test/java/io/seata/tm/api/DefaultFailureHandlerImplTest.java"
}
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"214371701131224498867116484830138557703",
"103326891935392308817415952443352830416",
"29836720890721288277864917060910770819",
"186845443821405445959121861006761966953",
"217365845043367773184233231979282871872",
"82114271901885231626273463470417740184",
"146361738576118732171276518781402474454",
"310510940811645211455589781085390188165",
"263244397258121676730293097289174157752",
"29439393588654488175608979012935492705",
"102413946797138234201662137666013873019",
"260497709188647182438199528598918129591",
"215173368832176471242132037284754458404",
"175215250857535432569302346962253013528",
"62986732600527447919352984799946447514",
"118997166559430201205377471925113345461",
"322471347800547440191851543434567799974",
"122680355191551761480435053745164815374",
"276339125260561915457282481194820802964",
"140547074940766806655608472131492699319",
"174350547264623027348106163151060642331",
"137923086386680235195368373485846998567",
"272888749388520485511006835967757413987",
"118997166559430201205377471925113345461",
"321094720905825230590926674286971477305",
"60588315817936963341787888240580836278",
"218198032645929880224463458707450260537",
"15319099719913058711416722187492345748",
"317550517784042902280322593981889560653",
"89368058117736478701828344361097650381",
"27308704412086359555145297805837498242",
"301319239267573754008104887185413256567",
"222450974535972369463885271580295867730",
"244121519962982378680254867060810488396",
"95632042134146977834463884110560855540",
"230550138545905725533269700658427621704",
"248614934668312562197066148392379201343",
"206041177008454488933624853012107108510",
"144720166662055302258879218510818532341",
"94660915357466434881163650744661959389",
"241873659775370499306438596218264438967",
"48056173169660791785897840437312774305",
"118997166559430201205377471925113345461",
"78501750082687453791018867956359540867",
"134980027055803332390119242149718454755",
"262683033407838943273187555829451481280",
"295546450488981567970016300238048336620",
"317550517784042902280322593981889560653",
"89368058117736478701828344361097650381",
"27308704412086359555145297805837498242",
"92631555481375945709892771140716687871",
"299377563284640409359971873919771245737",
"71071283592129147174369364284906572370",
"150819172612671075925115838154738652001",
"230550138545905725533269700658427621704",
"248614934668312562197066148392379201343",
"283055200384401393662846797855649751488"
]
},
"source": "https://github.com/apache/incubator-seata/commit/0ad2847465fa877a2c65ea84ed43f5b0984c3ce9",
"id": "CVE-2025-32897-286a2cfe",
"signature_type": "Line",
"target": {
"file": "compatible/src/test/java/io/seata/tm/api/DefaultFailureHandlerImplTest.java"
}
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 301.0,
"function_hash": "202134273638937640523091858698907516464"
},
"source": "https://github.com/apache/incubator-seata/commit/0ad2847465fa877a2c65ea84ed43f5b0984c3ce9",
"id": "CVE-2025-32897-4bf21141",
"signature_type": "Function",
"target": {
"function": "onBeginFailure",
"file": "tm/src/test/java/org/apache/seata/tm/api/DefaultFailureHandlerImplTest.java"
}
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 763.0,
"function_hash": "11443722429053205124381077063215277104"
},
"source": "https://github.com/apache/incubator-seata/commit/0ad2847465fa877a2c65ea84ed43f5b0984c3ce9",
"id": "CVE-2025-32897-6de3dd52",
"signature_type": "Function",
"target": {
"function": "onCommitFailure",
"file": "tm/src/test/java/org/apache/seata/tm/api/DefaultFailureHandlerImplTest.java"
}
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 764.0,
"function_hash": "40891575550624031541142231537032272934"
},
"source": "https://github.com/apache/incubator-seata/commit/0ad2847465fa877a2c65ea84ed43f5b0984c3ce9",
"id": "CVE-2025-32897-7461265b",
"signature_type": "Function",
"target": {
"function": "onRollbackFailure",
"file": "tm/src/test/java/org/apache/seata/tm/api/DefaultFailureHandlerImplTest.java"
}
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 326.0,
"function_hash": "69413645204021743567426950099396618754"
},
"source": "https://github.com/apache/incubator-seata/commit/0ad2847465fa877a2c65ea84ed43f5b0984c3ce9",
"id": "CVE-2025-32897-884fdb5b",
"signature_type": "Function",
"target": {
"function": "onBeginFailure",
"file": "compatible/src/test/java/io/seata/tm/api/DefaultFailureHandlerImplTest.java"
}
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"215173368832176471242132037284754458404",
"305032704825348911215330062759723646232",
"163618769591464039381844358586532737951",
"107328969793023525655820777135945710337",
"317339715957054479303503280999366021643",
"307212327460262980954635851408249695992",
"276339125260561915457282481194820802964",
"140547074940766806655608472131492699319",
"174350547264623027348106163151060642331",
"10162338892946920728949814435737932849",
"334349791224166347928686719021351369262",
"107328969793023525655820777135945710337",
"300634779041623689618478763233866348006",
"50459287837539536243048118737281602061",
"233375589630845857206844704940219804078",
"161081529563893060517148914601534780865",
"197491897922221397590990071679749577085",
"89368058117736478701828344361097650381",
"27308704412086359555145297805837498242",
"301319239267573754008104887185413256567",
"222450974535972369463885271580295867730",
"244121519962982378680254867060810488396",
"95632042134146977834463884110560855540",
"230550138545905725533269700658427621704",
"248614934668312562197066148392379201343",
"206041177008454488933624853012107108510",
"144720166662055302258879218510818532341",
"94660915357466434881163650744661959389",
"219072849152372509987863076951385938844",
"329874858319699511374374840452843668006",
"107328969793023525655820777135945710337",
"84771242885442855081822921050681634259",
"151147112222226890928071623970661688574",
"215535698506305437485139376121484603910",
"14694940081743184738712572913449797815",
"197491897922221397590990071679749577085",
"89368058117736478701828344361097650381",
"27308704412086359555145297805837498242",
"92631555481375945709892771140716687871",
"299377563284640409359971873919771245737",
"71071283592129147174369364284906572370",
"150819172612671075925115838154738652001",
"230550138545905725533269700658427621704",
"248614934668312562197066148392379201343",
"283055200384401393662846797855649751488"
]
},
"source": "https://github.com/apache/incubator-seata/commit/0ad2847465fa877a2c65ea84ed43f5b0984c3ce9",
"id": "CVE-2025-32897-907b506b",
"signature_type": "Line",
"target": {
"file": "tm/src/test/java/org/apache/seata/tm/api/DefaultFailureHandlerImplTest.java"
}
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 780.0,
"function_hash": "85391567855351372668753100169001057514"
},
"source": "https://github.com/apache/incubator-seata/commit/0ad2847465fa877a2c65ea84ed43f5b0984c3ce9",
"id": "CVE-2025-32897-abc1a04f",
"signature_type": "Function",
"target": {
"function": "onCommitFailure",
"file": "compatible/src/test/java/io/seata/tm/api/DefaultFailureHandlerImplTest.java"
}
}
]