{"schema_version": "1.6.1", "id": "CVE-2025-62233", "summary": "Deserialization of untrusted data in RPC", "details": "Deserialization of Untrusted Data vulnerability in Apache DolphinScheduler RPC module.\n\nThis issue affects Apache DolphinScheduler: \n\nVersion >= 3.2.0 and < 3.3.1.\n\nAttackers who can access the Master or Worker nodes can compromise the system by creating a StandardRpcRequest, injecting a malicious class type into it, and sending RPC requests to the DolphinScheduler Master/Worker nodes.\nUsers are recommended to upgrade to version [3.3.1], which fixes the issue.", "affected": [{"ranges": [{"type": "SEMVER", "events": [{"introduced": "3.2.0"}, {"fixed": "3.3.1"}]}]}], "references": [{"type": "WEB", "url": "https://lists.apache.org/thread/79s80h51r4z5d4l2xs5xy364rmmo1bw0"}]}