Ce mail provient de l'extérieur, restons vigilants

=====================================================================

                            CERT-Renater

                Note d'Information No. 2025/VULN500
_____________________________________________________________________

DATE                : 12/08/2025

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Apache Seata versions prior to
                                        2.4.0.

=====================================================================
https://lists.apache.org/thread/ggfd72vvvxjozs81zbcls45zxg64pphx
_____________________________________________________________________

CVE-2025-53606: Apache Seata (incubating): Deserialization of
untrusted Data in Apache Seata Server

Severity: low 


Affected versions:

- Apache Seata (incubating) 2.4.0


Description:

Deserialization of Untrusted Data vulnerability in Apache Seata
(incubating).

This issue affects Apache Seata (incubating): 2.4.0.

Users are recommended to upgrade to version 2.5.0, which fixes the
issue.


Credit:

A.R. (finder)


References:

https://seata.incubator.apache.org
https://www.cve.org/CVERecord?id=CVE-2025-53606


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================