exploitDog

CVE-2025-62228

Опубликовано: 09 окт. 2025

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

Apache Flink CDC version 3.4.0 was vulnerable to a SQL injection via maliciously crafted identifiers eg. crafted database name or crafted table name. Even through only the logged-in database user can trigger the attack, we recommend users update Flink CDC version to 3.5.0 which address this issue.

Ссылки

https://lists.apache.org/thread/3dn0hc1wbc5sj0jbgdg33gtnwlw7qrl3
Vendor Advisory
http://www.openwall.com/lists/oss-security/2025/10/09/2
Mailing List
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:apache:flink_cdc:3.4.0:*:*:*:*:*:*:*

EPSS

Процентиль: 14%

0.00046

Низкий

8.8 High

CVSS3

Дефекты

CWE-89

Связанные уязвимости

GHSA-wqm3-w3p6-xjgm

github

4 месяца назад

Apache Flink CDC is vulnerable to SQL Injection through maliciously crafted identifiers

EPSS

Процентиль: 14%

0.00046

Низкий

8.8 High

CVSS3

Дефекты

CWE-89