CVE-2025-30067 (GCVE-0-2025-30067)

Vulnerability from cvelistv5 – Published: 2025-03-27 15:06 – Updated: 2025-03-27 17:56
VLAI?
Summary
Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Kylin. If an attacker gets access to Kylin's system or project admin permission, the JDBC connection configuration maybe altered to execute arbitrary code from the remote. You are fine as long as the Kylin's system and project admin access is well protected. This issue affects Apache Kylin: from 4.0.0 through 5.0.1. Users are recommended to upgrade to version 5.0.2 or above, which fixes the issue.
Severity ?
No CVSS data available.
CWE
  • CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
Impacted products
Vendor Product Version
Apache Software Foundation Apache Kylin Affected: 4.0.0 , ≤ 5.0.1 (semver)
Create a notification for this product.
Credits
Pho3n1x <ph03n1x@qq.com>
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-03-27T16:04:17.436Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/03/27/4"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.2,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "HIGH",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-30067",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-27T17:54:19.014750Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-27T17:56:13.192Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://repo.maven.apache.org/maven2",
          "defaultStatus": "unaffected",
          "packageName": "org.apache.kylin:kylin-datasource-service",
          "product": "Apache Kylin",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThanOrEqual": "5.0.1",
              "status": "affected",
              "version": "4.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Pho3n1x \u003cph03n1x@qq.com\u003e"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eImproper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability in Apache Kylin. \nIf an attacker gets access to Kylin\u0027s system or project admin permission, the JDBC connection configuration maybe altered to execute arbitrary code from the remote. You are fine as long as the Kylin\u0027s system and project admin access is well protected.\u003c/p\u003e\u003cp\u003eThis issue affects Apache Kylin: from 4.0.0 through 5.0.1.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 5.0.2 or above, which fixes the issue.\u003c/p\u003e"
            }
          ],
          "value": "Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability in Apache Kylin. \nIf an attacker gets access to Kylin\u0027s system or project admin permission, the JDBC connection configuration maybe altered to execute arbitrary code from the remote. You are fine as long as the Kylin\u0027s system and project admin access is well protected.\n\nThis issue affects Apache Kylin: from 4.0.0 through 5.0.1.\n\nUsers are recommended to upgrade to version 5.0.2 or above, which fixes the issue."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "low"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-27T15:06:36.598Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/6j19pt8yoqfphf1lprtrzoqkvz1gwbnc"
        }
      ],
      "source": {
        "defect": [
          "KYLIN-5994"
        ],
        "discovery": "UNKNOWN"
      },
      "title": "Apache Kylin: The remote code execution via jdbc url",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2025-30067",
    "datePublished": "2025-03-27T15:06:36.598Z",
    "dateReserved": "2025-03-15T14:55:12.816Z",
    "dateUpdated": "2025-03-27T17:56:13.192Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-30067\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2025-03-27T15:16:02.033\",\"lastModified\":\"2025-04-11T18:06:34.633\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability in Apache Kylin. \\nIf an attacker gets access to Kylin\u0027s system or project admin permission, the JDBC connection configuration maybe altered to execute arbitrary code from the remote. You are fine as long as the Kylin\u0027s system and project admin access is well protected.\\n\\nThis issue affects Apache Kylin: from 4.0.0 through 5.0.1.\\n\\nUsers are recommended to upgrade to version 5.0.2 or above, which fixes the issue.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de control inadecuado de la generaci\u00f3n de c\u00f3digo (inyecci\u00f3n de c\u00f3digo) en Apache Kylin. Si un atacante obtiene acceso al sistema de Kylin o al permiso de administrador del proyecto, la configuraci\u00f3n de la conexi\u00f3n JDBC podr\u00eda modificarse para ejecutar c\u00f3digo arbitrario desde el control remoto. Esto no tendr\u00e1 problema siempre que el acceso al sistema de Kylin y al administrador del proyecto est\u00e9 bien protegido. Este problema afecta a Apache Kylin desde la versi\u00f3n 4.0.0 hasta la 5.0.1. Se recomienda actualizar a la versi\u00f3n 5.0.2 o superior, que soluciona el problema.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.2,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security@apache.org\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-94\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:kylin:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.0.0\",\"versionEndExcluding\":\"5.0.2\",\"matchCriteriaId\":\"D63271D0-528D-4E88-90B2-27822019564B\"}]}]}],\"references\":[{\"url\":\"https://lists.apache.org/thread/6j19pt8yoqfphf1lprtrzoqkvz1gwbnc\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2025/03/27/4\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.openwall.com/lists/oss-security/2025/03/27/4\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-03-27T16:04:17.436Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.2, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-30067\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-03-27T17:54:19.014750Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-03-27T17:54:50.444Z\"}}], \"cna\": {\"title\": \"Apache Kylin: The remote code execution via jdbc url\", \"source\": {\"defect\": [\"KYLIN-5994\"], \"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Pho3n1x \u003cph03n1x@qq.com\u003e\"}], \"metrics\": [{\"other\": {\"type\": \"Textual description of severity\", \"content\": {\"text\": \"low\"}}}], \"affected\": [{\"vendor\": \"Apache Software Foundation\", \"product\": \"Apache Kylin\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.0.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.0.1\"}], \"packageName\": \"org.apache.kylin:kylin-datasource-service\", \"collectionURL\": \"https://repo.maven.apache.org/maven2\", \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://lists.apache.org/thread/6j19pt8yoqfphf1lprtrzoqkvz1gwbnc\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability in Apache Kylin. \\nIf an attacker gets access to Kylin\u0027s system or project admin permission, the JDBC connection configuration maybe altered to execute arbitrary code from the remote. You are fine as long as the Kylin\u0027s system and project admin access is well protected.\\n\\nThis issue affects Apache Kylin: from 4.0.0 through 5.0.1.\\n\\nUsers are recommended to upgrade to version 5.0.2 or above, which fixes the issue.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eImproper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability in Apache Kylin. \\nIf an attacker gets access to Kylin\u0027s system or project admin permission, the JDBC connection configuration maybe altered to execute arbitrary code from the remote. You are fine as long as the Kylin\u0027s system and project admin access is well protected.\u003c/p\u003e\u003cp\u003eThis issue affects Apache Kylin: from 4.0.0 through 5.0.1.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 5.0.2 or above, which fixes the issue.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-94\", \"description\": \"CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"shortName\": \"apache\", \"dateUpdated\": \"2025-03-27T15:06:36.598Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-30067\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-03-27T17:56:13.192Z\", \"dateReserved\": \"2025-03-15T14:55:12.816Z\", \"assignerOrgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"datePublished\": \"2025-03-27T15:06:36.598Z\", \"assignerShortName\": \"apache\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.