CVE-2025-61735

CVE-2025-61735: Apache Kylin: Server-Side Request Forgery

Vendor Apache Software Foundation

Product Apache Kylin

Weakness CWE-918 · SSRF

Published October 2, 2025

Last update November 4, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

Server-Side Request Forgery (SSRF) vulnerability in Apache Kylin. This issue affects Apache Kylin: from 4.0.0 through 5.0.2. You are fine as long as the Kylin's system and project admin access is well protected. Users are recommended to upgrade to version 5.0.3, which fixes the issue.

Key dates

Disclosure timeline

October 2, 2025 CVE published

November 4, 2025 Record updated