CVE-2025-61735

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-61735
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-61735.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-61735
Aliases
Published
2025-10-02T10:15:40.250Z
Modified
2026-04-10T05:32:42.908335Z
Severity
  • 7.3 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVSS Calculator
Summary
[none]
Details

Server-Side Request Forgery (SSRF) vulnerability in Apache Kylin.

This issue affects Apache Kylin: from 4.0.0 through 5.0.2. You are fine as long as the Kylin's system and project admin access is well protected.

Users are recommended to upgrade to version 5.0.3, which fixes the issue.

References

Affected packages

Git / github.com/apache/kylin

Affected ranges

Type
GIT
Repo
https://github.com/apache/kylin
Events
Introduced
aa6d582c0a96fdf31e85791f86850cfc00a7644f
Fixed
196016ffa4b70a68439be72d75584d2f99ed23b1
Database specific 
{
    "versions": [
        {
            "introduced": "4.0.0"
        },
        {
            "fixed": "5.0.3"
        }
    ]
}

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-61735.json"