Apache Gravitino security advisories

Security information for Apache Gravitino

Reporting

Do you want disclose a potential security issue for Apache Gravitino? Send your report to the Apache Security Team.

Advisories

This section is experimental: it provides advisories since 2023 and may lag behind the official CVE publications. If you have any feedback on how you would like this data to be provided, you are welcome to reach out on our public mailinglist or privately on security@apache.org

SQL misconfiguration can access or truncate files

CVE-2025-53648 [CVE] [CVE json] [OSV json]

Last updated: 2026-06-30T13:35:54.650Z

Affected

  • Apache Gravitino from 0.5.0 before 1.0.0

Description

SQL misconfiguration in the Gravitino UI, in versions 1.0.0 and below, can allow a malicious user to read or truncate files.
Users are recommended to upgrade to version 1.0.0, which fixes this issue.

References

Credits

  • A1kaid@ThreatBook VulTeam (reporter)
  • Le1a@ThreatBook VulTeam (finder)