{ "dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": { "cveId": "CVE-2025-53648", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "state": "PUBLISHED", "assignerShortName": "apache", "dateReserved": "2025-07-08T05:17:44.991Z", "datePublished": "2026-06-30T13:36:00.654Z", "dateUpdated": "2026-06-30T17:35:41.726Z" }, "containers": { "cna": { "affected": [ { "collectionURL": "https://repo.maven.apache.org/maven2", "defaultStatus": "unaffected", "packageName": "org.apache.gravitino:catalog-jdbc-common", "product": "Apache Gravitino", "vendor": "Apache Software Foundation", "versions": [ { "lessThan": "1.0.0", "status": "affected", "version": "0.5.0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "value": "A1kaid@ThreatBook VulTeam" }, { "lang": "en", "type": "finder", "value": "Le1a@ThreatBook VulTeam" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "
SQL misconfiguration in the Gravitino UI, in versions 1.0.0 and below, can allow a malicious user to read or truncate files.