{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-28T01:39:00.506","vulnerabilities":[{"cve":{"id":"CVE-2025-61735","sourceIdentifier":"security@apache.org","published":"2025-10-02T10:15:40.250","lastModified":"2025-11-04T22:16:37.160","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Server-Side Request Forgery (SSRF) vulnerability in Apache Kylin.\n\nThis issue affects Apache Kylin: from 4.0.0 through 5.0.2. You are fine as long as the Kylin's system and project admin access is well protected.\n\nUsers are recommended to upgrade to version 5.0.3, which fixes the issue."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.4}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:kylin:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0.0","versionEndExcluding":"5.0.3","matchCriteriaId":"0732C89B-68F0-406A-977F-C75F554B17DD"}]}]}],"references":[{"url":"https://lists.apache.org/thread/yscobmx869zvprsykb94r24jtmb58ckh","source":"security@apache.org","tags":["Issue Tracking","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2025/09/30/9","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}