CVE-2025-32896 – Apache SeaTunnel Unauthenticated Arbitrary File Read and Deserialization Vulnerability

June 19, 2025

CVE ID : CVE-2025-32896

Published : June 19, 2025, 11:15 a.m. | 1 hour, 29 minutes ago

Description : # Summary

Unauthorized users can perform Arbitrary File Read and Deserialization
attack by submit job using restful api-v1.

# Details
Unauthorized users can access `/hazelcast/rest/maps/submit-job` to submit
job.
An attacker can set extra params in mysql url to perform Arbitrary File
Read and Deserialization attack.

This issue affects Apache SeaTunnel:
Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-6019 – Libblockdev Polkit Local Privilege Escalation

Next Article CVE-2005-2347 – CVE-2022-1234: Apache Struts XML Entity Expansion (XXE) Vulnerability

Representative Line: Brace Yourself

Beyond the Pilot: A Playbook for Enterprise-Scale Agentic AI

GitHub launches MCP Registry to provide central location for trusted servers

MongoDB brings Search and Vector Search to self-managed versions of database

Distribution Release: Security Onion 2.4.180

Distribution Release: Omarchy 3.0.1

Distribution Release: Mauna Linux 25

Distribution Release: SparkyLinux 2025.09

AI Momentum and Perficient’s Inclusion in Analyst Reports – Highlights From 2025 So Far

AI Momentum and Perficient’s Inclusion in Analyst Reports – Highlights From 2025 So Far

Shopping Portal using Python Django & MySQL

Perficient Earns Adobe’s Real-time CDP Specialization

Valve Survey Reveals Slight Retreat in Steam-on-Linux Share

Valve Survey Reveals Slight Retreat in Steam-on-Linux Share

Review: Elecrow’s All-in-one Starter Kit for Pico 2

FOSS Weekly #25.38: GNOME 49 Release, KDE Drama, sudo vs sudo-rs, Local AI on Android and More Linux Stuff

CVE-2025-32896 – Apache SeaTunnel Unauthenticated Arbitrary File Read and Deserialization Vulnerability

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

CVE-2025-46101 – Beakon Software Beakon Learning Management System SCORM SQL Injection

CVE-2025-32711 – Microsoft 365 Copilot Command Injection Vulnerability

CVE-2025-4738 – Yirmibes Software MY ERP SQL Injection

“GPT4o’s update is absurdly dangerous to release to a billion active users”: Even OpenAI CEO Sam Altman admits ChatGPT is “too sycophant-y,” but a fix is on the way

Atla AI Introduces the Atla MCP Server: A Local Interface of Purpose-Built LLM Judges via Model Context Protocol (MCP)

Pac-Man Celebrates 45 Years With Xbox Free Play Days This Weekend

May 2025: All AI updates from the past month

CVE-2025-6232 – Lenovo Vantage Elevation of Privilege

CVE-2025-32896 – Apache SeaTunnel Unauthenticated Arbitrary File Read and Deserialization Vulnerability

Related Posts