{
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09"
      },
      "title": "Server-Side Request Forgery",
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-918 Server-Side Request Forgery (SSRF)",
              "lang": "en",
              "cweId": "CWE-918",
              "type": "CWE"
            }
          ]
        }
      ],
      "source": {
        "defect": [
          "KYLIN-6082"
        ],
        "discovery": "UNKNOWN"
      },
      "affected": [
        {
          "vendor": "Apache Software Foundation",
          "product": "Apache Kylin",
          "versions": [
            {
              "status": "affected",
              "version": "4.0.0",
              "lessThanOrEqual": "5.0.2",
              "versionType": "semver"
            }
          ],
          "defaultStatus": "unaffected"
        }
      ],
      "descriptions": [
        {
          "value": "Server-Side Request Forgery (SSRF) vulnerability in Apache Kylin.\n\nThis issue affects Apache Kylin: from 4.0.0 through 5.0.2.\u00a0You are fine as long as the Kylin's system and project admin access is well protected.\n\nUsers are recommended to upgrade to version 5.0.3, which fixes the issue.",
          "lang": "en",
          "supportingMedia": [
            {
              "type": "text/html",
              "base64": false,
              "value": "<p>Server-Side Request Forgery (SSRF) vulnerability in Apache Kylin.</p><p>This issue affects Apache Kylin: from 4.0.0 through 5.0.2.&nbsp;You are fine as long as the Kylin's system and project admin access is well protected.</p><p>Users are recommended to upgrade to version 5.0.3, which fixes the issue.</p>"
            }
          ]
        }
      ],
      "references": [
        {
          "url": "https://lists.apache.org/thread/yscobmx869zvprsykb94r24jtmb58ckh",
          "tags": [
            "vendor-advisory"
          ]
        }
      ],
      "metrics": [
        {
          "other": {
            "type": "Textual description of severity",
            "content": {
              "text": "low"
            }
          }
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "liuhuajin <liuhuajin1@huawei.com>",
          "type": "finder"
        },
        {
          "lang": "en",
          "value": "75Acol",
          "type": "finder"
        },
        {
          "lang": "en",
          "value": "fcgboy",
          "type": "finder"
        },
        {
          "lang": "en",
          "value": "stan fang",
          "type": "finder"
        },
        {
          "lang": "en",
          "value": "zer0duck",
          "type": "finder"
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "cveId": "CVE-2025-61735",
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "serial": 1,
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}