CVE-2025-32896 – Apache SeaTunnel Unauthenticated Arbitrary File Read and Deserialization Vulnerability

June 19, 2025

CVE ID : CVE-2025-32896

Published : June 19, 2025, 11:15 a.m. | 1 hour, 29 minutes ago

Description : # Summary

Unauthorized users can perform Arbitrary File Read and Deserialization
attack by submit job using restful api-v1.

# Details
Unauthorized users can access `/hazelcast/rest/maps/submit-job` to submit
job.
An attacker can set extra params in mysql url to perform Arbitrary File
Read and Deserialization attack.

This issue affects Apache SeaTunnel:
Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-6019 – Libblockdev Polkit Local Privilege Escalation

Next Article CVE-2005-2347 – CVE-2022-1234: Apache Struts XML Entity Expansion (XXE) Vulnerability

Gemini 2.5 Pro and Flash are generally available and Gemini 2.5 Flash-Lite preview is announced

CSS Cascade Layers Vs. BEM Vs. Utility Classes: Specificity Control

IBM launches new integration to help unify AI security and governance

Meet Accessible UX Research, A Brand-New Smashing Book

How to free up your Mac’s storage space – 3 easy ways

I finally found a mini PC with a striking design (and the power to back it up)

The best password generators of 2025: Expert tested

Facebook’s new passkey support could soon let you ditch your password forever

eslint-plugin-mutate

eslint-plugin-mutate

Event-Driven Microservice Backend For a Modern E-commerce Platform.

Search Params Are State – How TanStack Router Solves It

You Can Now Auto-Generate Google Forms Using Gemini Using Prompts or Files – Here’s How

You Can Now Auto-Generate Google Forms Using Gemini Using Prompts or Files – Here’s How

Google Helps Devs Build Safe Android Apps with THIS Play Policy – Find Out More Here

Microsoft Edge for Business Now Lets Admins Push Encrypted Passwords to Users Securely

CVE-2025-32896 – Apache SeaTunnel Unauthenticated Arbitrary File Read and Deserialization Vulnerability

Massive Data Leak: Hacker Allegedly Selling 16 Billion Login Credentials from Major Tech Giants

Microsoft 365 Boosts Security: Legacy File Access Protocols RPS & FrontPage RPC Phased Out July 2025

Microsoft wants to make GamePad gaming faster on Chrome for Windows 11

Majority of Browser Extensions Can Access Sensitive Enterprise Data, New Report Finds

Developing reliable AI tools for healthcare

CVE-2024-45069 – Apache HTTP Server Remote Code Execution

JavaScript Weekly Insights #20: Latest Frameworks, Tools & Trends

Langflow Under Attacks: CVE-2025-3248 Exploited to Deliver Stealthy Flodrix Botnet

CVE-2025-4547 – SourceCodester Web-based Pharmacy Product Management System Cross-Site Scripting Vulnerability

Windows 11 will soon lose the Maps app forever, affecting dozens of users — RIP a Windows Phone relic

CVE-2025-32896 – Apache SeaTunnel Unauthenticated Arbitrary File Read and Deserialization Vulnerability

Related Posts