Rewterz

Multiple Apache Kylin Vulnerabilities

Severity

High

Analysis Summary

CVE-2025-61735 CVSS:7.3

Server-Side Request Forgery (SSRF) vulnerability in Apache Kylin. This issue affects Apache Kylin from 4.0.0 through 5.0.2. Deployments are not at risk as long as Kylin's system and project admin access is well protected. Users are recommended to upgrade to version 5.0.3, which fixes the issue.

CVE-2025-61733 CVSS:7.5

Authentication Bypass Using an Alternate Path or Channel vulnerability in Apache Kylin. This issue affects Apache Kylin from 4.0.0 through 5.0.2. Users are recommended to upgrade to version 5.0.3, which fixes the issue.

CVE-2025-61734 CVSS:7.5

Files or Directories Accessible to External Parties vulnerability in Apache Kylin. Deployments are not at risk as long as Kylin's system and project admin access is well protected. This issue affects Apache Kylin from 4.0.0 through 5.0.2. Users are recommended to upgrade to version 5.0.3, which fixes the issue.

Impact

  • Gain Access
  • Security Bypass

Indicators of Compromise

CVE

  • CVE-2025-61735

  • CVE-2025-61733

  • CVE-2025-61734

Affected Vendors

Apache

Affected Products

  • Apache Kylin 4.0.0 - 5.0.2

Remediation

Refer to the Apache Security Advisory for patch, upgrade, or suggested workaround information.

CVE-2025-61735

CVE-2025-61733

CVE-2025-61734