CVE-2025-61735

Source
https://cve.org/CVERecord?id=CVE-2025-61735
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-61735.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-61735
Aliases
Published
2025-10-02T09:47:49.948Z
Modified
2026-07-15T01:48:52.882779466Z
Severity
  • 7.3 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVSS Calculator
Summary
Apache Kylin: Server-Side Request Forgery
Details

Server-Side Request Forgery (SSRF) vulnerability in Apache Kylin.

This issue affects Apache Kylin: from 4.0.0 through 5.0.2. You are fine as long as the Kylin's system and project admin access is well protected.

Users are recommended to upgrade to version 5.0.3, which fixes the issue.

Database specific
{
    "cna_assigner": "apache",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/61xxx/CVE-2025-61735.json",
    "unresolved_ranges": [
        {
            "source": "AFFECTED_FIELD",
            "extracted_events": [
                {
                    "introduced": "4.0.0"
                },
                {
                    "last_affected": "5.0.2"
                }
            ]
        },
        {
            "source": "DESCRIPTION",
            "extracted_events": [
                {
                    "introduced": "4.0.0"
                },
                {
                    "fixed": "5.0.2"
                }
            ]
        }
    ],
    "cwe_ids": [
        "CWE-918"
    ]
}
References

Affected packages

Git / github.com/apache/kylin

Affected ranges

Type
GIT
Repo
https://github.com/apache/kylin
Events
Database specific
{
    "cpe": "cpe:2.3:a:apache:kylin:*:*:*:*:*:*:*:*",
    "source": "CPE_RANGE",
    "extracted_events": [
        {
            "introduced": "4.0.0"
        },
        {
            "fixed": "5.0.3"
        }
    ]
}

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-61735.json"