CVE-2025-27531

CRITICAL LAB

Apache InLong <2.1.0 - Deserialization


Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-27531. PoCs published by exploitintel.

AI-analyzed exploit summary: This repository contains functional exploit code demonstrating a JDBC URL sanitization bypass in Apache InLong Manager, leading to arbitrary file read and remote code execution via Java deserialization. The PoC includes multiple attack vectors and a detailed technical analysis.

Description

Deserialization of Untrusted Data vulnerability in Apache InLong. This issue affects Apache InLong from 1.13.0 before 2.1.0 and allows an authenticated attacker to read arbitrary files by double-writing the parameter. Users are recommended to upgrade to version 2.1.0, which fixes the issue.

Exploits (1)

GitHub · Working PoC · 1 star
by exploitintel · python · poc
https://github.com/exploitintel/eip-pocs-and-cves/tree/main/CVE-2025-27531

Classification: Working PoC (100%)
Attack Type: Deserialization
Complexity: Moderate
Reliability: Reliable
Target: Apache InLong Manager 1.13.0 to 2.0.0
Auth required: yes
Prerequisites: Docker Engine with Compose plugin · authenticated access to InLong Manager REST API
Analyzed by devstral-2 on Mar 02, 2026

References (2)

Core references (2):
Mailing list, vendor advisory: https://lists.apache.org/thread/r62lkqrr739wvcb60j6ql6q63rh4bxx5

Scores

CVSS v3: 9.8
EPSS: 0.0050
EPSS Percentile: 66.4%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: yes
Technical Impact: total

Lab Environment

EIP Lab images:
mysql: docker pull ghcr.io/exploitintel/cve-2025-27531-mysql:latest
vulnerable: docker pull ghcr.io/exploitintel/cve-2025-27531-vulnerable:latest

Details

CWE: CWE-502
Status: published
Products (2):
apache/inlong 1.13.0 - 2.1.0
org.apache.inlong/inlong-manager 1.13.0 - 2.1.0 (Maven)
Published: Jun 06, 2025
Tracked Since: Feb 18, 2026