CVE-2025-53648

CVE-2025-53648: Apache Gravitino: SQL misconfiguration can access or truncate files

Vendor Apache Software Foundation
Product Apache Gravitino
Weakness CWE-89 · SQLi
Published June 30, 2026
Last update June 30, 2026

CVSS base score

What the vulnerability does

01Description

SQL misconfiguration in the Gravitino UI, in versions 1.0.0 and below, can allow a malicious user to read or truncate files. Users are recommended to upgrade to version 1.0.0, which fixes this issue.

Key dates

02Disclosure timeline

June 30, 2026 CVE published