VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-5h7z-8j2q-k3hk

Essentials
Severities (17)
References (9)
Severity details (16)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-5h7z-8j2q-k3hk
Aliases	CVE-2025-61734 GHSA-p86w-w5rh-m3hx
Summary	Apache Kylin Files or Directories Accessible to External Parties Files or Directories Accessible to External Parties vulnerability in Apache Kylin. You are fine as long as the Kylin's system and project admin access is well protected. This issue affects Apache Kylin: from 4.0.0 through 5.0.2. Users are recommended to upgrade to version 5.0.3, which fixes the issue.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-552	Files or Directories Accessible to External Parties
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
epss	0.00082	https://api.first.org/data/v1/epss?cve=CVE-2025-61734
cvssv3.1_qr	HIGH	https://github.com/advisories/GHSA-p86w-w5rh-m3hx
cvssv3.1	7.5	https://github.com/apache/kylin
generic_textual	HIGH	https://github.com/apache/kylin
cvssv3.1	7.5	https://github.com/apache/kylin/commit/22eb8fd5dfdeffa3fc57bae6d5c82a019eece662
generic_textual	HIGH	https://github.com/apache/kylin/commit/22eb8fd5dfdeffa3fc57bae6d5c82a019eece662
cvssv3.1	7.5	https://github.com/apache/kylin/pull/2332
generic_textual	HIGH	https://github.com/apache/kylin/pull/2332
cvssv3.1	7.5	https://issues.apache.org/jira/browse/KYLIN-6082
generic_textual	HIGH	https://issues.apache.org/jira/browse/KYLIN-6082
cvssv3.1	7.5	https://lists.apache.org/thread/z705g7sn3g0bkchlqbo1hz1tyqorn4d2
generic_textual	HIGH	https://lists.apache.org/thread/z705g7sn3g0bkchlqbo1hz1tyqorn4d2
ssvc	Track	https://lists.apache.org/thread/z705g7sn3g0bkchlqbo1hz1tyqorn4d2
cvssv3.1	7.5	https://nvd.nist.gov/vuln/detail/CVE-2025-61734
generic_textual	HIGH	https://nvd.nist.gov/vuln/detail/CVE-2025-61734
cvssv3.1	7.5	http://www.openwall.com/lists/oss-security/2025/09/30/8
generic_textual	HIGH	http://www.openwall.com/lists/oss-security/2025/09/30/8

Reference id	Reference type	URL
		https://api.first.org/data/v1/epss?cve=CVE-2025-61734
		https://github.com/apache/kylin
		https://github.com/apache/kylin/commit/22eb8fd5dfdeffa3fc57bae6d5c82a019eece662
		https://github.com/apache/kylin/pull/2332
		https://issues.apache.org/jira/browse/KYLIN-6082
		https://lists.apache.org/thread/z705g7sn3g0bkchlqbo1hz1tyqorn4d2
		http://www.openwall.com/lists/oss-security/2025/09/30/8
CVE-2025-61734		https://nvd.nist.gov/vuln/detail/CVE-2025-61734
GHSA-p86w-w5rh-m3hx		https://github.com/advisories/GHSA-p86w-w5rh-m3hx

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/apache/kylin

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/apache/kylin/commit/22eb8fd5dfdeffa3fc57bae6d5c82a019eece662

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/apache/kylin/pull/2332

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://issues.apache.org/jira/browse/KYLIN-6082

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://lists.apache.org/thread/z705g7sn3g0bkchlqbo1hz1tyqorn4d2

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-02T17:26:13Z/ Found at https://lists.apache.org/thread/z705g7sn3g0bkchlqbo1hz1tyqorn4d2

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2025-61734

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at http://www.openwall.com/lists/oss-security/2025/09/30/8

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.24214
EPSS Score	0.00082
Published At	June 5, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-06-02T04:48:01.312357+00:00	GitLab Importer	Import	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.kylin/kylin-core-metadata/CVE-2025-61734.yml	38.6.0