CVE-2025-60012

MEDIUM LAB

Apache Livy 0.7.0-0.8.0 - Unauthorized File Access

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-60012. PoCs published by sid6224.

AI-analyzed exploit summary This repository provides a detailed technical analysis of CVE-2025-60012, an unauthorized file access vulnerability in Apache Livy. It includes source code diffs, vulnerability descriptions, and a proof-of-concept setup with Docker environments for both vulnerable and fixed versions.

Description

Malicious configuration can lead to unauthorized file access in Apache Livy. This issue affects Apache Livy 0.7.0 and 0.8.0 when connecting to Apache Spark 3.1 or later. A request that includes a Spark configuration value supported from Apache Spark version 3.1 can lead to users gaining access to files they do not have permissions to. For the vulnerability to be exploitable, the user needs to have access to Apache Livy's REST or JDBC interface and be able to send requests with arbitrary Spark configuration values. Users are recommended to upgrade to version 0.9.0 or later, which fixes the issue.

Exploits (1)

nomisec WRITEUP

by sid6224 · poc

https://github.com/sid6224/CVE-2025-60012-POC

View Code ZIP pw:eip

This repository provides a detailed technical analysis of CVE-2025-60012, an unauthorized file access vulnerability in Apache Livy. It includes source code diffs, vulnerability descriptions, and a proof-of-concept setup with Docker environments for both vulnerable and fixed versions.

Classification

Writeup 100%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Reliable

Target: Apache Livy 0.7.0-incubating, 0.8.0-incubating

Auth required

Prerequisites: authenticated access to Livy's REST or JDBC interface · Spark 3.1 or later

MITRE ATT&CK

T1005 - Data from Local System T1552 - Unsecured Credentials

devstral-2 · analyzed Mar 16, 2026 Full analysis →

References (2)

Core 2

Core References

Mailing List

http://www.openwall.com/lists/oss-security/2026/03/12/1

Mailing List vendor-advisory

https://lists.apache.org/thread/gpc85fwrgrbglpk9gm8tmcjzqnctx64w

Scores

CVSS v3 6.3

EPSS 0.0009

EPSS Percentile 26.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Lab Environment

COMMUNITY

Community Lab

docker pull eclipse-temurin:11-jdk-focal

docker pull livy-dev-spark:latest

docker pull livy-dev-server:latest

docker pull livy-dev-base:latest

https://github.com/sid6224/CVE-2025-60012-POC

View in Library

Details

CWE

CWE-20

Status published

Products (3)

apache/livy 0.7.0 - 0.9.0

Apache Software Foundation/Apache Livy 0.7.0-incubating - 0.9.0-incubating

org.apache.livy/livy-server 0.7.0-incubating - 0.9.0-incubatingMaven

Published Mar 13, 2026

Tracked Since Mar 14, 2026