CVE-2025-32896
AI description
CVE-2025-32896 affects Apache SeaTunnel, a distributed data integration platform. Specifically, versions 2.3.1 through 2.3.10 are vulnerable. The vulnerability stems from unauthenticated access to the `/hazelcast/rest/maps/submit-job` REST API endpoint. Attackers can exploit this vulnerability by injecting malicious parameters into a MySQL connection URL via the REST API. This allows for arbitrary file read and deserialization attacks. To mitigate this issue, users are advised to upgrade to version 2.3.11 and enable restful API-v2 along with two-way HTTPS authentication.
CVE-2025-32896: Apache SeaTunnel Flaw Enables Unauthenticated File Read & RCE https://t.co/4QtJECskvC
@Dinosn
13 Apr 2025
CVE-2025-32896 CVE-2025-32896 https://t.co/fduE92rtpX Vulnerability Alert Subscriptions: https://t.co/hrQhy5uz4x
@VulmonFeeds
12 Apr 2025
CVE-2025-32896: Apache SeaTunnel: Unauthenticated insecure access https://t.co/wcIw5BJCgv Severity: moderate Arbitrary File Read and Deserialization attack by submitting job using restful api-v1. Upgrade to 2.3.11, and enable restful api-v2 & open https two-way authentication
@oss_security
12 Apr 2025