Vulnerability Database

319,592

Total vulnerabilities in the database

CVE-2025-62228

Apache Flink CDC version 3.4.0 was vulnerable to a SQL injection via maliciously crafted identifiers eg. crafted database name or crafted table name. Even through only the logged-in database user can trigger the attack, we recommend users update Flink CDC version to 3.5.0 which address this issue.

Published: Oct 9, 2025
Updated: Jan 26, 2026
CVE: CVE-2025-62228
GHSA: GHSA-wqm3-w3p6-xjgm
Severity: Medium
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-89

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
org.apache.flink / flink-cdc-pipeline-connectors	3.0.0	3.5.0
org.apache.flink / flink-connector-oracle-cdc	3.0.0	3.5.0
org.apache.flink / flink-connector-db2-cdc	3.0.0	3.5.0
org.apache.flink / flink-connector-sqlserver-cdc	3.0.0	3.5.0
org.apache.flink / flink-connector-mysql-cdc	3.0.0	3.5.0
apache / flink_cdc	3.4.0	3.4.0.x

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo