Vulnerability Details: CVE-2025-53648
SQL misconfiguration in the Gravitino UI, in versions 1.0.0 and below, can allow a malicious user to read or truncate files.
Users are recommended to upgrade to version 1.0.0, which fixes this issue.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 26.8%
CVSS Severity
CVSS v3 Score 5.4
Products affected by CVE-2025-53648
- cpe:2.3:a:apache:gravitino:0.5.0
- cpe:2.3:a:apache:gravitino:0.5.1
- cpe:2.3:a:apache:gravitino:0.6.0
- cpe:2.3:a:apache:gravitino:0.6.1
- cpe:2.3:a:apache:gravitino:0.7.0
- cpe:2.3:a:apache:gravitino:0.8.0
- cpe:2.3:a:apache:gravitino:0.8.1
- cpe:2.3:a:apache:gravitino:0.9.0
- cpe:2.3:a:apache:gravitino:0.9.1
- cpe:2.3:a:apache:gravitino:0.9.2