CVE-2025-30067

Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Kylin. If an attacker gets access to Kylin's system or project admin permission, the JDBC connection configuration maybe altered to execute arbitrary code from the remote. You are fine as long as the Kylin's system and project admin access is well protected. This issue affects Apache Kylin: from 4.0.0 through 5.0.1. Users are recommended to upgrade to version 5.0.2 or above, which fixes the issue.

CVSS v3 7.2 HIGH

7.2^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://lists.apache.org/thread/6j19pt8yoqfphf1lprtrzoqkvz1gwbnc	Mailing List Vendor Advisory
http://www.openwall.com/lists/oss-security/2025/03/27/4	Mailing List Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:kylin:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2025-03-27 15:16

Updated : 2025-04-11 18:06

NVD link : CVE-2025-30067

Mitre link : CVE-2025-30067

CVE.ORG link : CVE-2025-30067

JSON object : View

Products Affected

apache

kylin

CWE

CWE-94

Improper Control of Generation of Code ('Code Injection')

{"id": "CVE-2025-30067", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}]}, "published": "2025-03-27T15:16:02.033", "references": [{"url": "https://lists.apache.org/thread/6j19pt8yoqfphf1lprtrzoqkvz1gwbnc", "tags": ["Mailing List", "Vendor Advisory"], "source": "[email protected]"}, {"url": "http://www.openwall.com/lists/oss-security/2025/03/27/4", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-94"}]}], "descriptions": [{"lang": "en", "value": "Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Kylin. \nIf an attacker gets access to Kylin's system or project admin permission, the JDBC connection configuration maybe altered to execute arbitrary code from the remote. You are fine as long as the Kylin's system and project admin access is well protected.\n\nThis issue affects Apache Kylin: from 4.0.0 through 5.0.1.\n\nUsers are recommended to upgrade to version 5.0.2 or above, which fixes the issue."}, {"lang": "es", "value": "Vulnerabilidad de control inadecuado de la generaci\u00f3n de c\u00f3digo (inyecci\u00f3n de c\u00f3digo) en Apache Kylin. Si un atacante obtiene acceso al sistema de Kylin o al permiso de administrador del proyecto, la configuraci\u00f3n de la conexi\u00f3n JDBC podr\u00eda modificarse para ejecutar c\u00f3digo arbitrario desde el control remoto. Esto no tendr\u00e1 problema siempre que el acceso al sistema de Kylin y al administrador del proyecto est\u00e9 bien protegido. Este problema afecta a Apache Kylin desde la versi\u00f3n 4.0.0 hasta la 5.0.1. Se recomienda actualizar a la versi\u00f3n 5.0.2 o superior, que soluciona el problema."}], "lastModified": "2025-04-11T18:06:34.633", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:kylin:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D63271D0-528D-4E88-90B2-27822019564B", "versionEndExcluding": "5.0.2", "versionStartIncluding": "4.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}