Vulnerability in Apache Software Foundation Kyuubi
CVE-2025-66518
Any client that can access Apache Kyuubi Server via the Kyuubi frontend protocols can bypass the server-side config kyuubi.session.local.dir.allow.list and use local files that are not listed in the config. This issue affects Apache Kyuubi: fr…
EPSS: 0.000 (5.2th percentile)
Affected products
- Apache Software Foundation Kyuubi — versions 1.6.0
Weakness classification (CWE)
References
- lists.apache.org/thread/xp460bwbyzdhho34ljd4nchyt2fmhodl (vendor-advisory)