CVE-2025-61733

HIGH 7.5

Apache Kylin: Authentication bypass

CVSS Score

7.5

EPSS Score

0.0%

EPSS Percentile

0th

Authentication Bypass Using an Alternate Path or Channel vulnerability in Apache Kylin. This issue affects Apache Kylin: from 4.0.0 through 5.0.2. Users are recommended to upgrade to version 5.0.3, which fixes the issue.

CWE	CWE-288
Vendor	apache software foundation
Product	apache kylin
Published	Oct 2, 2025
Last Updated	Feb 26, 2026

Stay Ahead of the Next One

Get instant alerts for apache software foundation apache kylin

Be the first to know when new high vulnerabilities affecting apache software foundation apache kylin are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Apache Software Foundation / Apache Kylin

4.0.0 ≤ 5.0.2

References

NVD ↗ CVE.org ↗ EPSS Data ↗

lists.apache.org: https://lists.apache.org/thread/8wmcffly6gp50nmfw8j4w3hlmv843yo0 openwall.com: http://www.openwall.com/lists/oss-security/2025/09/30/7

Credits

liuhuajin <[email protected]>