Apache SeaTunnel Vulnerability Allows Unauthorized Users to Perform Deserialization Attack

June 20, 2025

Apache SeaTunnel Vulnerability Allows Unauthorized Users to Perform Deserialization Attack

Apache SeaTunnel, the widely used distributed data integration platform, has disclosed a significant security vulnerability that enables unauthorized users to execute arbitrary file read operations an …

Published Date:
Jun 20, 2025 (1 hour, 44 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-32896

Source: Read More

Previous ArticleClamAV 1.4.3 and 1.0.9 Released With Fix for Vulnerabilities that Enable Remote Code Execution

Next Article Urgent WordPress Alert: Motors Theme Flaw (CVE-2025-4322) Actively Exploited for Site Takeover

Highlights

CVE-2025-27819 – Apache Kafka SASL JAAS JndiLoginModule RCE/DOS

June 10, 2025

CVE ID : CVE-2025-27819

Published : June 10, 2025, 8:15 a.m. | 1 hour, 29 minutes ago

Description : In CVE-2023-25194, we announced the RCE/Denial of service attack via SASL JAAS JndiLoginModule configuration in Kafka Connect API. But not only Kafka Connect API is vulnerable to this attack, the Apache Kafka brokers also have this vulnerability. To exploit this vulnerability, the attacker needs to be able to connect to the Kafka cluster and have the AlterConfigs permission on the cluster resource.

Since Apache Kafka 3.4.0, we have added a system property (“-Dorg.apache.kafka.disallowed.login.modules”) to disable the problematic login modules usage in SASL JAAS configuration. Also by default “com.sun.security.auth.module.JndiLoginModule” is disabled in Apache Kafka 3.4.0, and “com.sun.security.auth.module.JndiLoginModule,com.sun.security.auth.module.LdapLoginModule” is disabled by default in in Apache Kafka 3.9.1/4.0.0

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

15 Essential Skills to Look for When Hiring Node.js Developers for Enterprise Projects (2025-2026)

African training program creates developers with cloud-native skills

React.js for SaaS Platforms: How Top Development Teams Help Startups Launch Faster

Upwork Freelancers vs Dedicated React.js Teams: What’s Better for Your Project in 2025?

LastPass can now warn or block logins to shadow SaaS apps – here’s how

Get up to a year of Adobe Creative Cloud access for 40% off

Got 6 hours? This free AI training from Google and Goodwill can boost your resume today

Why I recommend this budget phone with a paper-like screen over ‘minimalist’ devices

Laravel Boost, your AI coding starter kit

Laravel Boost, your AI coding starter kit

Using GitHub Copilot in VS Code

Optimizely Mission Control – Part I

Top 20 kubectl Commands Every Kubernetes Beginner Must Know

Top 20 kubectl Commands Every Kubernetes Beginner Must Know

Microsoft’s record stock run collides with Nadella’s admission that 15,000 layoffs still ‘hurt’

Microsoft and Adobe Power Up Fantasy Premier League Fans with AI – Here’s How

Apache SeaTunnel Vulnerability Allows Unauthorized Users to Perform Deserialization Attack

Apache SeaTunnel Vulnerability Allows Unauthorized Users to Perform Deserialization Attack

PlayPraetor Android Trojan Infects 11,000+ Devices via Fake Google Play Pages and Meta Ads

The Wild West of Shadow IT

CVE-2025-4253 – PCMan FTP Server Buffer Overflow Vulnerability

CVE-2025-48909 – Cisco ASA Authentication Bypass Vulnerability

CVE-2025-44181 – “PhpGurukul Vehicle Record Management System Cross Site Scripting Vulnerability”

CVE-2025-32011 – KUNBUS PiCtory Authentication Bypass Vulnerability

CVE-2025-27819 – Apache Kafka SASL JAAS JndiLoginModule RCE/DOS

CVE-2025-42961 – SAP NetWeaver Application Server for ABAP Permissive Access Configuration Privilege Escalation

PSA: Diablo 4 new battle pass is broken — do not buy the Reliquary

CVE-2025-4344 – D-Link DIR-600L Remote Buffer Overflow in formLogin

Apache SeaTunnel Vulnerability Allows Unauthorized Users to Perform Deserialization Attack

Apache SeaTunnel Vulnerability Allows Unauthorized Users to Perform Deserialization Attack

Related Posts