CVE-2025-53602

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-53602

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-53602.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-53602

Aliases

GHSA-794x-8x6x-qpfc

Published

2025-07-04T21:15:23.560Z

Modified

2026-03-13T11:36:26.395073Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

Zipkin through 3.5.1 has a /heapdump endpoint (associated with the use of Spring Boot Actuator), a similar issue to CVE-2025-48927.

References

Affected packages

Git / github.com/openzipkin/zipkin

Affected ranges

Type

GIT

Repo

https://github.com/openzipkin/zipkin

Events

Introduced

Last affected

b7e22588e8d978939f2c8c7da5bb13d1467facbd

Fixed

3c7605dfdfab2dd341cf0ea121a56cefcd580d9e

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.5.1"
        }
    ]
}

Affected versions

1.*

1.0.0

1.1.0

1.1.3

1.1.4

1.1.5

1.10.0

1.11.0

1.11.1

1.12.0

1.12.1

1.13.0

1.13.1

1.14.0

1.14.1

1.14.2

1.14.3

1.14.4

1.15.0

1.16.0

1.16.1

1.16.2

1.17.0

1.17.1

1.18.0

1.19.0

1.19.1

1.19.2

1.19.3

1.19.4

1.2.0

1.2.1

1.20.0

1.20.1

1.21.0

1.22.0

1.22.1

1.23.0

1.23.1

1.23.2

1.23.3

1.24.0

1.25.0

1.26.0

1.26.1

1.26.2

1.27.0

1.28.0

1.28.1

1.29.0

1.29.1

1.29.2

1.29.3

1.29.4

1.3.0

1.30.0

1.30.1

1.30.2

1.30.3

1.31.0

1.31.1

1.31.2

1.31.3

1.4.0

1.4.1

1.4.2

1.4.3

1.4.4

1.5.0

1.5.1

1.6.0

1.7.0

1.8.0

1.8.1

1.8.2

1.8.3

1.8.4

1.9.0

2.*

2.0.0

2.0.1

2.1.0

2.10.0

2.10.1

2.10.2

2.10.3

2.10.4

2.11.0

2.11.1

2.11.10

2.11.11

2.11.12

2.11.2

2.11.3

2.11.4

2.11.5

2.11.6

2.11.7

2.11.8

2.11.9

2.12.0

2.12.1

2.12.2

2.12.3

2.12.4

2.12.5

2.12.6

2.12.7

2.12.8

2.12.9

2.14.1

2.14.2

2.15.0

2.16.0

2.16.1

2.16.2

2.17.0

2.17.1

2.17.2

2.18.0

2.18.1

2.18.2

2.18.3

2.19.0

2.19.1

2.19.2

2.19.3

2.2.0

2.2.1

2.2.2

2.2.3

2.20.0

2.20.1

2.20.2

2.21.0

2.21.1

2.21.2

2.21.3

2.21.4

2.21.5

2.21.6

2.21.7

2.22.0

2.22.1

2.22.2

2.23.0

2.23.1

2.23.14

2.23.15

2.23.16

2.23.17

2.23.18

2.23.19

2.23.2

2.23.3

2.23.4

2.23.5

2.23.7

2.23.8

2.23.9

2.24.0

2.24.1

2.24.2

2.24.3

2.24.4

2.25.0

2.25.1

2.25.2

2.26.0

2.27.0

2.27.1

2.3.0

2.3.1

2.4.0

2.4.1

2.4.2

2.4.3

2.4.4

2.4.5

2.4.6

2.4.7

2.4.8

2.4.9

2.5.0

2.5.1

2.5.2

2.5.3

2.6.0

2.6.1

2.7.0

2.7.1

2.7.2

2.7.3

2.8.0

2.8.1

2.8.2

2.8.3

2.8.4

2.9.0

2.9.1

2.9.2

2.9.3

2.9.4

3.*

3.0.0

3.0.1

3.0.2

3.0.3

3.0.4

3.0.5

3.0.6

3.1.0

3.1.1

3.2.0

3.2.1

3.3.0

3.3.1

3.4.0

3.4.1

3.4.2

3.4.3

3.4.4

3.5.0

3.5.1

docker-3.*

docker-3.1.0

v2.*

v2.13.0

v2.14.0

zipkin-0.*

zipkin-0.3.0

zipkin-0.7.0

zipkin-server-0.*

zipkin-server-0.2.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-53602.json"