
Description

Apache Flink CDC version 3.4.0 was vulnerable to a SQL injection via maliciously crafted identifiers, e.g. a crafted database name or a crafted table name. Even though only the logged-in database user can trigger the attack, we recommend users update Flink CDC to version 3.5.0, which addresses this issue.

PUBLISHED Reserved 2025-10-09 | Published 2025-10-09 | Updated 2025-10-09 | Assigner apache




MEDIUM: 5.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/R:U/V:C/RE:L/U:Amber

Problem types

CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Product status

Default status: unaffected
3.0.0: affected

Default status: unaffected
3.0.0: affected

Default status: unaffected
3.0.0: affected

Default status: unaffected
3.0.0: affected

Default status: unaffected
3.3.0: affected

Credits

intSheep reporter

Mapta/BugBunny_ai reporter

References

lists.apache.org/thread/3dn0hc1wbc5sj0jbgdg33gtnwlw7qrl3 vendor-advisory

cve.org (CVE-2025-62228)

nvd.nist.gov (CVE-2025-62228)
