CVE-2025-53648

MEDIUM 5.4

Apache Gravitino: SQL misconfiguration can access or truncate files

CVSS Score

5.4

EPSS Score

0.0%

EPSS Percentile

0th

SQL misconfiguration in the Gravitino UI, in versions 1.0.0 and below, can allow a malicious user to read or truncate files. Users are recommended to upgrade to version 1.0.0, which fixes this issue.

CWE	CWE-89
Vendor	apache software foundation
Product	apache gravitino
Published	Jun 30, 2026
Last Updated	Jun 30, 2026

Stay Ahead of the Next One

Get instant alerts for apache software foundation apache gravitino

Be the first to know when new medium vulnerabilities affecting apache software foundation apache gravitino are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Apache Software Foundation / Apache Gravitino

0.5.0 < 1.0.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

lists.apache.org: https://lists.apache.org/thread/s0hytcv17z52dwp5dojjjwgrtqtyh2xk

Credits

🔍 A1kaid@ThreatBook VulTeam Le1a@ThreatBook VulTeam