CVE-2025-61733

CVE-2025-61733: Apache Kylin: Authentication bypass

Vendor Apache Software Foundation

Product Apache Kylin

Weakness CWE-288

Published October 2, 2025

Last update February 26, 2026

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

Authentication Bypass Using an Alternate Path or Channel vulnerability in Apache Kylin. This issue affects Apache Kylin: from 4.0.0 through 5.0.2. Users are recommended to upgrade to version 5.0.3, which fixes the issue.

Key dates

Disclosure timeline

October 2, 2025 CVE published

February 26, 2026 Record updated