CVE-2025-27522 — Apache InLong: JDBC Vulnerability during verification processing

Description

Deserialization of Untrusted Data vulnerability in Apache InLong. This issue affects Apache InLong: from 1.13.0 through 2.1.0. This vulnerability is a secondary mining bypass for CVE-2024-26579. Users are advised to upgrade to Apache InLong's 2.2.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/11732

How to fix CVE-2025-27522

To remediate CVE-2025-27522, upgrade the affected package to a fixed version below.

Maven/org.apache.inlong:manager-pojo—upgrade to 2.2.0 or later

Is CVE-2025-27522 being exploited?

Low — EPSS is 0.4%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

>= 1.13.0, < 2.2.0

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 4.0	—	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U

References (5)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2025-27522
PATCHgithub.com/apache/inlong
WEBgithub.com/apache/inlong/commit/86c893cfd8f7ba9ffce5d20abef6cd360f502fdf
WEBgithub.com/apache/inlong/pull/11732
WEB