Multiple Apache Products Vulnerabilities

Severity

High

Analysis Summary

CVE-2025-48734 CVSS:8.8

Apache Commons BeanUtils could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a flaw when accessing enum properties in an uncontrolled way.

CVE-2025-27528 CVSS:9.1

Apache InLong could allow a remote attacker to bypass the security mechanisms of JDBC and read arbitrary files, caused by an unsafe deserialization flaw.

CVE-2025-27526 CVSS:6.5

Apache InLong could allow a remote attacker to bypass URLEncode and backspace, caused by an unsafe deserialization flaw.

CVE-2025-27522 CVSS:6.5

Apache InLong could allow a remote attacker to perform a secondary mining bypass, caused by an unsafe deserialization flaw.

Impact

  • Code Execution
  • Security Bypass

Indicators of Compromise

CVE

  • CVE-2025-48734

  • CVE-2025-27528

  • CVE-2025-27526

  • CVE-2025-27522

Affected Vendors

Apache

Affected Products

  • Apache Commons BeanUtils - 1.0 - 2.0.0-M1
  • Apache InLong - 1.13.0 - 2.1.0

Remediation

Refer to the Apache website for patch, upgrade, or suggested workaround information.

CVE-2025-48734

CVE-2025-27528

CVE-2025-27526

CVE-2025-27522