{"schema_version": "1.6.1", "id": "CVE-2025-62228", "summary": "SQL injection via maliciously crafted identifiers", "details": "Apache Flink CDC version 3.4.0 was vulnerable to a SQL injection via maliciously crafted identifiers eg. crafted database name or crafted table name. Even through only the logged-in database user can trigger the attack, we recommend users update Flink CDC version to 3.5.0 which address this issue.", "affected": [{"ranges": [{"type": "SEMVER", "events": [{"introduced": "3.0.0"}, {"last_affected": "3.0.0"}]}]}, {"ranges": [{"type": "SEMVER", "events": [{"introduced": "3.0.0"}, {"last_affected": "3.0.0"}]}]}, {"ranges": [{"type": "SEMVER", "events": [{"introduced": "3.0.0"}, {"last_affected": "3.0.0"}]}]}, {"ranges": [{"type": "SEMVER", "events": [{"introduced": "3.0.0"}, {"last_affected": "3.0.0"}]}]}, {"ranges": [{"type": "SEMVER", "events": [{"introduced": "3.3.0"}, {"last_affected": "3.3.0"}]}]}], "references": [{"type": "WEB", "url": "https://lists.apache.org/thread/3dn0hc1wbc5sj0jbgdg33gtnwlw7qrl3"}]}