Severity
High
Analysis Summary
CVE-2025-27888
Apache Druid is vulnerable to server-side request forgery, caused by a flaw when using the Druid management proxy.
Impact
- Gain Access
Indicators of Compromise
CVE
CVE-2025-27888
Affected Vendors
Apache
Affected Products
- Apache Druid - 31.0.1 - 32.0.0
Remediation
Upgrade to the latest version of Apache Products, available from the Apache Website.