{"schema_version": "1.6.1", "id": "CVE-2025-53648", "summary": "SQL misconfiguration can access or truncate files", "details": "SQL misconfiguration in the Gravitino UI, in versions 1.0.0 and below, can allow a malicious user to read or truncate files.\nUsers are recommended to upgrade to version 1.0.0, which fixes this issue.", "affected": [{"ranges": [{"type": "SEMVER", "events": [{"introduced": "0.5.0"}, {"fixed": "1.0.0"}]}]}], "references": [{"type": "WEB", "url": "https://lists.apache.org/thread/s0hytcv17z52dwp5dojjjwgrtqtyh2xk"}]}