CVE-2025-61734

📊 7.5 HIGH⚡ 0.1%🎯 0 exploits

📅 Published Oct 2, 2025

📋 Status: Analyzed

Files or Directories Accessible to External Parties vulnerability in Apache Kylin. You are fine as long as the Kylin's system and project admin access is well protected. This issue affects Apache Kylin: from 4.0.0 through 5.0.2. Users are recommended to upgrade to version 5.0.3, which fixes the issue.

CVSS v3.1 • 134c704f-9b21-4f2e-91b3-4a467353bcc0

🎯 Affected Products & Systems

1 product configurations affected

Filter by type:

Type	Vendor	Product	Version Range	Status	CPE String
📱App	apache	kylin	≥ 4.0.0 ∧ < 5.0.3	Vulnerable	cpe:2.3:a:apache:kylin::::::::

📱

apache / kylin

Application

Vulnerable

Version: ≥ 4.0.0 ∧ < 5.0.3

CPE:

cpe:2.3:a:apache:kylin:*:*:*:*:*:*:*:*

Metrics

7.5 HIGHCVSS v3.1134c704f-9b21-4f2e-91b3-4a467353bcc0

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector:

NETWORK

Complexity:

LOW

Privileges:

NONE

User Interaction:

NONE

Confidentiality:

HIGH

Integrity:

NONE

Availability:

NONE

Scope:

UNCHANGED

🔍 Technical Details

Analysis Status

Analyzed

CVSS Details

7.5 (HIGH)v3.1

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

EPSS Details

0.1% (Minimal)19.2th percentile

Last updated: Oct 31, 2025

Exploitation probability within 30 days

Published Date

Oct 2, 2025 (1 month ago)

Last Modified

Oct 3, 2025 (1 month ago)

Security Weaknesses1

CWE-552

References2

NVDgeneral