CVE-2025-61735

📊 7.3 HIGH⚡ 0.1%🎯 0 exploits

📅 Published Oct 2, 2025

📋 Status: Analyzed

Server-Side Request Forgery (SSRF) vulnerability in Apache Kylin. This issue affects Apache Kylin: from 4.0.0 through 5.0.2. You are fine as long as the Kylin's system and project admin access is well protected. Users are recommended to upgrade to version 5.0.3, which fixes the issue.

CVSS v3.1 • 134c704f-9b21-4f2e-91b3-4a467353bcc0

🎯 Affected Products & Systems

1 product configurations affected

Filter by type:

Type	Vendor	Product	Version Range	Status	CPE String
📱App	apache	kylin	≥ 4.0.0 ∧ < 5.0.3	Vulnerable	cpe:2.3:a:apache:kylin::::::::

📱

apache / kylin

Application

Vulnerable

Version: ≥ 4.0.0 ∧ < 5.0.3

CPE:

cpe:2.3:a:apache:kylin:*:*:*:*:*:*:*:*

Metrics

7.3 HIGHCVSS v3.1134c704f-9b21-4f2e-91b3-4a467353bcc0

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Attack Vector:

NETWORK

Complexity:

LOW

Privileges:

NONE

User Interaction:

NONE

Confidentiality:

LOW

Integrity:

LOW

Availability:

LOW

Scope:

UNCHANGED

🔍 Technical Details

Analysis Status

Analyzed

CVSS Details

7.3 (HIGH)v3.1

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

EPSS Details

0.1% (Minimal)18.6th percentile

Last updated: Oct 31, 2025

Exploitation probability within 30 days

Published Date

Oct 2, 2025 (1 month ago)

Last Modified

Oct 3, 2025 (1 month ago)

Security Weaknesses1

CWE-918

References2

NVDgeneral