FKIE_CVE-2025-29847

Vulnerability from fkie_nvd - Published: 2026-01-19 09:16 - Updated: 2026-01-27 21:12
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
A vulnerability in Apache Linkis. Problem Description When using the JDBC engine and da When using the JDBC engine and data source functionality, if the URL parameter configured on the frontend has undergone multiple rounds of URL encoding, it may bypass the system's checks. This bypass can trigger a vulnerability that allows unauthorized access to system files via JDBC parameters. Scope of Impact This issue affects Apache Linkis: from 1.3.0 through 1.7.0. Severity level moderate Solution Continuously check if the connection information contains the "%" character; if it does, perform URL decoding. Users are recommended to upgrade to version 1.8.0, which fixes the issue. More questions about this vulnerability can be discussed here:  https://lists.apache.org/list?dev@linkis.apache.org:2025-9:cve
References
security@apache.orghttps://lists.apache.org/thread/03l5rfkgdt022o75jp8x4tzpqxz8g057Mailing List
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2025/09/19/2Mailing List, Third Party Advisory
Impacted products
Vendor Product Version
apache linkis *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:linkis:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4ADF588F-526C-4CEC-9F76-44D1BE9ACD27",
              "versionEndExcluding": "1.8.0",
              "versionStartIncluding": "1.3.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in Apache Linkis.\n\nProblem Description\nWhen using the JDBC engine and da\nWhen using the JDBC engine and data source functionality, if the URL parameter configured on the frontend has undergone multiple rounds of URL encoding, it may bypass the system\u0027s checks. This bypass can trigger a vulnerability that allows unauthorized access to system files via JDBC parameters.\n\nScope of Impact\n\n\nThis issue affects Apache Linkis: from 1.3.0 through 1.7.0.\n\nSeverity level\n\n\nmoderate\nSolution\nContinuously check if the connection information contains the \"%\" character; if it does, perform URL decoding.\n\nUsers are recommended to upgrade to version 1.8.0, which fixes the issue.\n\n\n\n\nMore questions about this vulnerability can be discussed here:\u00a0 https://lists.apache.org/list?dev@linkis.apache.org:2025-9:cve"
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en Apache Linkis.\n\nDescripci\u00f3n del problema\nAl utilizar el motor JDBC y la funcionalidad de fuente de datos, si el par\u00e1metro URL configurado en el frontend ha sido sometido a m\u00faltiples rondas de codificaci\u00f3n URL, puede eludir las comprobaciones del sistema. Esta elusi\u00f3n puede desencadenar una vulnerabilidad que permite el acceso no autorizado a archivos del sistema a trav\u00e9s de par\u00e1metros JDBC.\n\nAlcance del impacto\nEste problema afecta a Apache Linkis: desde la 1.3.0 hasta la 1.7.0.\n\nNivel de gravedad\nmoderado\nSoluci\u00f3n\nComprobar continuamente si la informaci\u00f3n de conexi\u00f3n contiene el car\u00e1cter \u0027%\u0027; si lo contiene, realizar la decodificaci\u00f3n URL.\n\nSe recomienda a los usuarios actualizar a la versi\u00f3n 1.8.0, que corrige el problema.\n\nM\u00e1s preguntas sobre esta vulnerabilidad pueden discutirse aqu\u00ed: https://lists.apache.org/list?dev@linkis.apache.org:2025-9:cve"
    }
  ],
  "id": "CVE-2025-29847",
  "lastModified": "2026-01-27T21:12:41.117",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-01-19T09:16:01.237",
  "references": [
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List"
      ],
      "url": "https://lists.apache.org/thread/03l5rfkgdt022o75jp8x4tzpqxz8g057"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2025/09/19/2"
    }
  ],
  "sourceIdentifier": "security@apache.org",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        },
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "security@apache.org",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.