Users are recommended to upgrade to version 1.0.0, which fixes this issue.
Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Wed, 01 Jul 2026 10:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Apache
Apache gravitino |
|
| Vendors & Products |
Apache
Apache gravitino |
Tue, 30 Jun 2026 15:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
cvssV3_1
|
Tue, 30 Jun 2026 14:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | SQL misconfiguration in the Gravitino UI, in versions 1.0.0 and below, can allow a malicious user to read or truncate files. Users are recommended to upgrade to version 1.0.0, which fixes this issue. | |
| Title | Apache Gravitino: SQL misconfiguration can access or truncate files | |
| Weaknesses | CWE-89 | |
| References |
|
Status: PUBLISHED
Assigner: apache
Published:
Updated: 2026-06-30T17:35:41.726Z
Reserved: 2025-07-08T05:17:44.991Z
Link: CVE-2025-53648
Updated: 2026-06-30T17:35:41.726Z
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-01T10:01:31Z