{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-08T16:48:47.905","vulnerabilities":[{"cve":{"id":"CVE-2025-27531","sourceIdentifier":"security@apache.org","published":"2025-06-06T15:15:23.883","lastModified":"2025-06-23T14:24:00.320","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Deserialization of Untrusted Data vulnerability in Apache InLong. \n\nThis issue affects Apache InLong: from 1.13.0 before 2.1.0, \n\nthis issue would allow an authenticated attacker to read arbitrary files by double writing the param.\n\n\n\n\n\nUsers are recommended to upgrade to version 2.1.0, which fixes the issue."},{"lang":"es","value":"Vulnerabilidad de deserialización de datos no confiables en Apache InLong. Este problema afecta a Apache InLong: desde la versión 1.13.0 hasta la 2.1.0, este problema permitía a un atacante autenticado leer archivos arbitrarios mediante la escritura duplicada del parámetro. Se recomienda a los usuarios actualizar a la versión 2.1.0, que soluciona el problema."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:inlong:*:*:*:*:*:*:*:*","versionStartIncluding":"1.13.0","versionEndExcluding":"2.1.0","matchCriteriaId":"834EF91B-E4A3-45F8-9D09-8252C82B2F9D"}]}]}],"references":[{"url":"https://lists.apache.org/thread/r62lkqrr739wvcb60j6ql6q63rh4bxx5","source":"security@apache.org","tags":["Mailing List","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2025/02/28/2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Vendor Advisory"]}]}}]}