Apache InLong JDBC Vulnerability Enables Deserialization of Untrusted Data

By Admin
May 29, 2025


A moderate-severity vulnerability, tracked as CVE-2025-27522, has been disclosed in Apache InLong, a popular data integration platform.

The flaw, affecting versions 1.13.0 through 2.1.0, centers on the deserialization of untrusted data during JDBC (Java Database Connectivity) verification processing.

This vulnerability is classified as a secondary mining bypass of the previously reported CVE-2024-26579, indicating that the earlier patches were insufficient and that attackers can still exploit the system through alternative vectors.

Deserialization vulnerabilities occur when an application processes data that can be manipulated by an attacker, allowing them to execute arbitrary code or access sensitive information.

In this case, the vulnerability allows threat actors to bypass security mechanisms in the InLong JDBC component, potentially leading to unauthorized data manipulation or information disclosure.

Technical Details and Impact

The vulnerability is rooted in the way Apache InLong handles serialized data during verification.

Specifically, the system fails to adequately validate or sanitize incoming serialized objects, opening the door for attackers to craft malicious payloads.

When these payloads are deserialized, they can trigger unintended behaviors, such as arbitrary file reading or code execution.

The Common Weakness Enumeration (CWE) identifier for this issue is CWE-502: Deserialization of Untrusted Data.

The vulnerability is network-exploitable and does not require user interaction, with a CVSS v3.1 base score estimated between 5.3 and 6.5, reflecting a moderate to high risk profile.

Although there is currently no public proof-of-concept or evidence of active exploitation, the potential for data breaches or system compromise remains significant.

Affected Versions and Components

The following table summarizes the affected products and the recommended remediation steps:

| Affected Software | Affected Versions | Fixed Version / Patch |
|---|---|---|
| Apache InLong | 1.13.0 – 2.1.0 | 2.2.0 or cherry-pick #11732 |
| maven/org.apache.inlong:manager-pojo | 1.13.0 – 2.2.0 | 2.2.0 |

Mitigation and Recommendations

To address CVE-2025-27522, Apache advises all users to upgrade to version 2.2.0 of InLong or apply the patch available in GitHub pull request #11732.

Additional best practices include:

  • Implementing strict input validation and sanitization for all deserialization processes.
  • Restricting and validating the sources of serialized data.
  • Monitoring and auditing system logs for signs of exploitation attempts.
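The third recommendation is easiest to act on when the JVM is already running a serialization filter, because every blocked class then leaves a trace in the application log. As an added example (it is not from the article and not InLong's own code), here is a small Python scanner that reads such log lines, extracts the rejected class names, and raises an alert when the same class is rejected repeatedly. The log lines, the service name and the class names are constructed for this example; the message texts follow the JDK's `ObjectInputFilter REJECTED: class ...` logger output and the `InvalidClassException: filter status: REJECTED` exception message.

```python
import re
from collections import Counter
from typing import Dict, List

# Constructed sample log lines (not from any real InLong deployment). The
# "ObjectInputFilter REJECTED" and "filter status: REJECTED" texts are what
# the JDK emits when a deserialization filter blocks a class; the timestamps,
# service tag and class names are made up for this example.
SAMPLE_LOG = """\
2025-05-29T10:01:02Z WARN  [inlong-manager] java.io.serialization - ObjectInputFilter REJECTED: class com.example.Gadget, array length: -1, nRefs: 1, depth: 1, bytes: 412, ex: n/a
2025-05-29T10:01:02Z ERROR [inlong-manager] DataSourceVerifier - java.io.InvalidClassException: filter status: REJECTED
2025-05-29T10:01:03Z INFO  [inlong-manager] DataSourceVerifier - verified JDBC connection for source id=17
2025-05-29T10:01:05Z WARN  [inlong-manager] java.io.serialization - ObjectInputFilter REJECTED: class com.example.Gadget, array length: -1, nRefs: 1, depth: 1, bytes: 412, ex: n/a
2025-05-29T10:01:09Z WARN  [inlong-manager] java.io.serialization - ObjectInputFilter REJECTED: class org.example.util.Chain, array length: -1, nRefs: 3, depth: 2, bytes: 1880, ex: n/a
"""

# timestamp, level, [service], then the filter's own rejection message
REJECT_RE = re.compile(
    r"^(?P<ts>\S+)\s+\S+\s+\[(?P<svc>[^\]]+)\].*?ObjectInputFilter REJECTED: class (?P<cls>[\w.$]+)"
)
# the exception the caller sees when a filter rejects the stream
INVALID_CLASS_RE = re.compile(r"InvalidClassException: filter status: REJECTED")


def parse_rejections(log_text: str) -> List[Dict[str, str]]:
    """Return one record per filter rejection that names the blocked class."""
    records = []
    for line in log_text.splitlines():
        m = REJECT_RE.search(line)
        if m:
            records.append({"ts": m["ts"], "service": m["svc"], "cls": m["cls"]})
    return records


def count_invalid_class_errors(log_text: str) -> int:
    """Count the exception lines that accompany filter rejections."""
    return sum(1 for line in log_text.splitlines() if INVALID_CLASS_RE.search(line))


def summarize(log_text: str, threshold: int = 2) -> Dict[str, object]:
    """Aggregate rejections per class and per service; alert on repeat offenders."""
    recs = parse_rejections(log_text)
    per_class = Counter(r["cls"] for r in recs)
    per_service = Counter(r["service"] for r in recs)
    alerts = [cls for cls, n in per_class.items() if n >= threshold]
    return {
        "rejections": len(recs),
        "per_class": dict(per_class),
        "per_service": dict(per_service),
        "invalid_class_errors": count_invalid_class_errors(log_text),
        "alert_classes": sorted(alerts),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(summarize(SAMPLE_LOG), indent=2))
```

Feed it the manager's log instead of `SAMPLE_LOG` and lower or raise `threshold` to taste; a single rejection of an unfamiliar class is worth a look on its own, and a burst of rejections of the same class from one service is the pattern a detection rule should page on.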

Sample Code Snippet for Safe Deserialization

Below is a simplified Java example of safe deserialization, emphasizing input validation:

```java
import java.io.FileInputStream;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;

// Reject every class except the expected one before any object is constructed
// (Java 9+ ObjectInputFilter; use the fully qualified class name in the pattern).
// An instanceof check after readObject() on its own runs too late to stop gadget chains.
try (ObjectInputStream ois = new ObjectInputStream(new FileInputStream("input.ser"))) {
    ois.setObjectInputFilter(ObjectInputFilter.Config.createFilter("ExpectedClass;!*"));
    Object obj = ois.readObject();
    if (obj instanceof ExpectedClass) {
        // Safe to proceed
        ExpectedClass data = (ExpectedClass) obj;
    } else {
        throw new SecurityException("Unexpected object type!");
    }
}
```

This approach ensures that only the expected object type is processed: the filter rejects any other class before it is instantiated, and the type check guards the cast, reducing the risk of arbitrary code execution.
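The decisive detail in any such check is when it runs: a type test applied to the object that `readObject()` already returned cannot undo anything the deserializer did while building it. As an added example (not from the article, and not the InLong project's code), the following Python program shows the same principle with `pickle`, chosen because it can be run directly: a loader that checks the type only after loading lets a harmless "canary" class execute its reconstruction callable, while an allow-listing `Unpickler` rejects the class reference before anything is constructed. `ExpectedRecord`, `Canary` and `record_side_effect` are constructed names for this example; the canary's callable only appends to a list.

```python
import io
import pickle

# Constructed example types. ExpectedRecord stands in for the page's
# "ExpectedClass"; Canary is a harmless stand-in for a gadget class: loading
# it calls record_side_effect(), which only appends a marker to a list.
SIDE_EFFECTS = []


def record_side_effect(tag):
    SIDE_EFFECTS.append(tag)
    return tag


class ExpectedRecord:
    def __init__(self, name):
        self.name = name


class Canary:
    # pickle invokes the callable returned by __reduce__ while loading,
    # before any caller gets a chance to inspect the resulting object.
    def __reduce__(self):
        return (record_side_effect, ("canary-ran",))


def load_with_post_hoc_check(data: bytes):
    """Mirror of 'check the type after readObject()': the check comes too late."""
    obj = pickle.loads(data)
    if not isinstance(obj, ExpectedRecord):
        raise TypeError("unexpected object type")
    return obj


class AllowListUnpickler(pickle.Unpickler):
    """Hardened form: every class reference is vetted before it is resolved."""
    ALLOWED = {(ExpectedRecord.__module__, "ExpectedRecord")}

    def find_class(self, module, name):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"class {module}.{name} is not on the allow-list")


def load_with_allow_list(data: bytes):
    return AllowListUnpickler(io.BytesIO(data)).load()


def run_demo():
    """Exercise both loaders on a benign record and on the canary."""
    results = {}
    benign = pickle.dumps(ExpectedRecord("jdbc-source-1"))
    canary = pickle.dumps(Canary())

    # Post-hoc check: the type test fails, but only after the canary already ran.
    SIDE_EFFECTS.clear()
    try:
        load_with_post_hoc_check(canary)
    except TypeError:
        pass
    results["post_hoc_ran_canary"] = "canary-ran" in SIDE_EFFECTS

    # Allow-list: the class reference is refused, so the callable never executes.
    SIDE_EFFECTS.clear()
    try:
        load_with_allow_list(canary)
        results["allow_list_rejected"] = False
    except pickle.UnpicklingError:
        results["allow_list_rejected"] = True
    results["allow_list_ran_canary"] = "canary-ran" in SIDE_EFFECTS

    # The allow-list still accepts the type the application actually expects.
    results["allow_list_accepts_expected"] = load_with_allow_list(benign).name == "jdbc-source-1"
    return results


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The Java equivalent of `find_class` is the `ObjectInputFilter` consulted by `ObjectInputStream` for each class in the stream; in both runtimes the allow-list belongs at that hook, with the post-load type check kept only as a guard for the cast.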

Urgent Need for Patch Adoption

CVE-2025-27522 underscores the persistent risks associated with deserialization vulnerabilities in enterprise software.

While no active exploits have been reported, the ease of network-based attacks and the bypass of earlier security mechanisms make prompt patching essential.

Organizations relying on Apache InLong should prioritize upgrading to version 2.2.0 or applying the recommended patch to safeguard their data pipelines and maintain compliance with security best practices.
