CVE-2025-62233

UNKNOWN 0.0

Apache DolphinScheduler: Deserialization of untrusted data in RPC

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

Deserialization of Untrusted Data vulnerability in Apache DolphinScheduler RPC module. This issue affects Apache DolphinScheduler: Version >= 3.2.0 and < 3.3.1. Attackers who can access the Master or Worker nodes can compromise the system by creating a StandardRpcRequest, injecting a malicious class type into it, and sending RPC requests to the DolphinScheduler Master/Worker nodes. Users are recommended to upgrade to version [3.3.1], which fixes the issue.

CWE	CWE-502
Vendor	apache software foundation
Product	apache dolphinscheduler
Published	Apr 24, 2026
Last Updated	Apr 24, 2026

Stay Ahead of the Next One

Get instant alerts for apache software foundation apache dolphinscheduler

Be the first to know when new unknown vulnerabilities affecting apache software foundation apache dolphinscheduler are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Apache Software Foundation / Apache DolphinScheduler

3.2.0 < 3.3.1

References

NVD ↗ CVE.org ↗ EPSS Data ↗

lists.apache.org: https://lists.apache.org/thread/79s80h51r4z5d4l2xs5xy364rmmo1bw0 openwall.com: http://www.openwall.com/lists/oss-security/2026/04/24/2

Credits

75Acol, fcgboy, ch0wn, zer0duck