=====================================================================
CERT-Renater
Information Note No. 2025/VULN657
_____________________________________________________________________
DATE : 01/10/2025
HARDWARE PLATFORM(S): /
OPERATING SYSTEM(S): Systems running Apache Kylin versions prior to
5.0.3.
=====================================================================
https://lists.apache.org/thread/34dgv1g6djfr9kod0bjwzv82jbhkh99m
https://lists.apache.org/thread/254bh140bv0fznld2x2omslmyp32qbsp
_____________________________________________________________________
CVE-2025-61735: Apache Kylin: Server-Side Request Forgery
Severity: low
Affected versions:
- Apache Kylin 4.0.0 through 5.0.2
Description:
Server-Side Request Forgery (SSRF) vulnerability in Apache Kylin.
This issue affects Apache Kylin: from 4.0.0 through 5.0.2. You are
fine as long as Kylin's system and project admin access is well
protected.
Users are recommended to upgrade to version 5.0.3, which fixes the
issue.
This issue is being tracked as KYLIN-6082.
Credit:
liuhuajin (finder)
References:
https://kylin.apache.org/
https://www.cve.org/CVERecord?id=CVE-2025-61735
https://issues.apache.org/jira/browse/KYLIN-6082
_____________________________________________________________________
CVE-2025-61734: Apache Kylin: improper restriction of file read
Severity: low
Affected versions:
- Apache Kylin 4.0.0 through 5.0.2
Description:
Files or Directories Accessible to External Parties vulnerability in
Apache Kylin.
You are fine as long as Kylin's system and project admin access
is well protected.
This issue affects Apache Kylin: from 4.0.0 through 5.0.2.
Users are recommended to upgrade to version 5.0.3, which fixes the
issue.
This issue is being tracked as KYLIN-6082.
Credit:
liuhuajin (finder)
References:
https://kylin.apache.org/
https://www.cve.org/CVERecord?id=CVE-2025-61734
https://issues.apache.org/jira/browse/KYLIN-6082
=========================================================
+ CERT-RENATER | tel : 01-53-94-20-44 +
+ 23/25 Rue Daviel | fax : 01-53-94-20-41 +
+ 75013 Paris | email:cert@support.renater.fr +
=========================================================