Vulnerability Database

319,897

Total vulnerabilities in the database

CVE-2025-61734

Files or Directories Accessible to External Parties vulnerability in Apache Kylin. You are fine as long as the Kylin's system and project admin access is well protected.

This issue affects Apache Kylin: from 4.0.0 through 5.0.2.

Users are recommended to upgrade to version 5.0.3, which fixes the issue.

Published: Oct 2, 2025
Updated: Jan 26, 2026
CVE: CVE-2025-61734
GHSA: GHSA-p86w-w5rh-m3hx
Severity: High
Exploit:

CVSS v3:

Severity: Unknown
Score:
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWEs:

CWE-552

Affected Software
References

Software	From	Fixed in
org.apache.kylin / kylin	4.0.0	5.0.3
org.apache.kylin / kylin-common-server	4.0.0	5.0.3
org.apache.kylin / kylin-common-service	4.0.0	5.0.3
org.apache.kylin / kylin-core-common	4.0.0	5.0.3
org.apache.kylin / kylin-core-metadata	4.0.0	5.0.3
org.apache.kylin / kylin-ops-server	4.0.0	5.0.3
org.apache.kylin / kylin-server	4.0.0	5.0.3
apache / kylin	4.0.0	5.0.3

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo