What is CVE-2025-60012?

CVE-2025-60012 is a vulnerability in Apache Software Foundation Livy, classified under Improper Input Validation. Published 2026-03-13.

Is CVE-2025-60012 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Improper input validation in Apache Software Foundation Livy

CVE-2025-60012

Malicious configuration can lead to unauthorized file access in Apache Livy. This issue affects Apache Livy 0.7.0 and 0.8.0 when connecting to Apache Spark 3.1 or later. A request that includes a Spark configuration value supported from…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.001 (25.7th percentile) — read the EPSS interpretation.

Affected products

Apache Software Foundation Livy — versions 0.7.0-incubating

Weakness classification (CWE)

CWE-20 — Improper Input Validation

Public proof-of-concept exploits

sid6224/CVE-2025-60012-POC

References

lists.apache.org/thread/gpc85fwrgrbglpk9gm8tmcjzqnctx64w (vendor-advisory)

Frequently asked questions

What is CVE-2025-60012?: CVE-2025-60012 is a vulnerability in Apache Software Foundation Livy, classified under Improper Input Validation. Published 2026-03-13.
Is CVE-2025-60012 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.