{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-20T15:19:11.378","vulnerabilities":[{"cve":{"id":"CVE-2025-33042","sourceIdentifier":"security@apache.org","published":"2026-02-13T12:16:07.570","lastModified":"2026-02-20T15:07:04.680","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Avro Java SDK when generating specific records from untrusted Avro schemas.\n\nThis issue affects Apache Avro Java SDK: all versions through 1.11.4 and version 1.12.0.\n\nUsers are recommended to upgrade to version 1.12.1 or 1.11.5, which fix the issue."},{"lang":"es","value":"Vulnerabilidad de control inadecuado de la generación de código ('Inyección de código') en el SDK de Java de Apache Avro al generar registros específicos a partir de esquemas Avro no confiables.\n\nEste problema afecta al SDK de Java de Apache Avro: todas las versiones hasta la 1.11.4 y la versión 1.12.0.\n\nSe recomienda a los usuarios actualizar a la versión 1.12.1 o 1.11.5, que solucionan el problema."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.4}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-94"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:avro:*:*:*:*:*:-:*:*","versionEndExcluding":"1.11.5","matchCriteriaId":"91C753AB-7CED-4EAF-9151-FD0B9B1C0D2E"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:avro:1.12.0:-:*:*:*:-:*:*","matchCriteriaId":"66D75377-FB84-444C-A23A-C260EF1E2B31"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:avro:1.12.0:rc0:*:*:*:-:*:*","matchCriteriaId":"75016805-D38F-43B5-B9AD-BD1CD12F8927"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:avro:1.12.0:rc1:*:*:*:-:*:*","matchCriteriaId":"13BEFC9E-6476-43B9-9DDD-C5D9CC1ACDC6"}]}]}],"references":[{"url":"https://lists.apache.org/thread/fy88wmgf1lj9479vrpt12cv8x73lroj1","source":"security@apache.org","tags":["Mailing List","Vendor Advisory","Issue Tracking"]},{"url":"http://www.openwall.com/lists/oss-security/2026/02/12/2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]}]}}]}