{
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09"
      },
      "title": "improper restriction of file read",
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-552 Files or Directories Accessible to External Parties",
              "lang": "en",
              "cweId": "CWE-552",
              "type": "CWE"
            }
          ]
        }
      ],
      "source": {
        "defect": [
          "KYLIN-6082"
        ],
        "discovery": "UNKNOWN"
      },
      "affected": [
        {
          "vendor": "Apache Software Foundation",
          "product": "Apache Kylin",
          "versions": [
            {
              "status": "affected",
              "version": "4.0.0",
              "lessThanOrEqual": "5.0.2",
              "versionType": "semver"
            }
          ],
          "defaultStatus": "unaffected"
        }
      ],
      "descriptions": [
        {
          "value": "Files or Directories Accessible to External Parties vulnerability in Apache Kylin.\n You are fine as long as the Kylin's system and project admin access is well protected.\n\nThis issue affects Apache Kylin: from 4.0.0 through 5.0.2.\n\nUsers are recommended to upgrade to version 5.0.3, which fixes the issue.",
          "lang": "en",
          "supportingMedia": [
            {
              "type": "text/html",
              "base64": false,
              "value": "<p>Files or Directories Accessible to External Parties vulnerability in Apache Kylin.\n You are fine as long as the Kylin's system and project admin access is well protected.</p><p>This issue affects Apache Kylin: from 4.0.0 through 5.0.2.</p><p>Users are recommended to upgrade to version 5.0.3, which fixes the issue.</p>"
            }
          ]
        }
      ],
      "references": [
        {
          "url": "https://lists.apache.org/thread/z705g7sn3g0bkchlqbo1hz1tyqorn4d2",
          "tags": [
            "vendor-advisory"
          ]
        }
      ],
      "metrics": [
        {
          "other": {
            "type": "Textual description of severity",
            "content": {
              "text": "low"
            }
          }
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "liuhuajin <liuhuajin1@huawei.com>",
          "type": "finder"
        },
        {
          "lang": "en",
          "value": "75Acol",
          "type": "finder"
        },
        {
          "lang": "en",
          "value": "fcgboy",
          "type": "finder"
        },
        {
          "lang": "en",
          "value": "stan fang",
          "type": "finder"
        },
        {
          "lang": "en",
          "value": "zer0duck",
          "type": "finder"
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "cveId": "CVE-2025-61734",
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "serial": 1,
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}