CVE-2025-60012

MEDIUM LAB

Apache Livy 0.7.0-0.8.0 - Unauthorized File Access

Title source: llm

Description

Malicious configuration can lead to unauthorized file access in Apache Livy. This issue affects Apache Livy 0.7.0 and 0.8.0 when connecting to Apache Spark 3.1 or later. A request that includes a Spark configuration value supported from Apache Spark version 3.1 can lead to users gaining access to files they do not have permissions to. For the vulnerability to be exploitable, the user needs to have access to Apache Livy's REST or JDBC interface and be able to send requests with arbitrary Spark configuration values. Users are recommended to upgrade to version 0.9.0 or later, which fixes the issue.

Exploits (1)

nomisec WRITEUP

by sid6224 · poc

https://github.com/sid6224/CVE-2025-60012-POC

View Code ZIP pw:eip

References (2)

[Mailing List] https://lists.apache.org/thread/gpc85fwrgrbglpk9gm8tmcjzqnctx64w

[Mailing List] http://www.openwall.com/lists/oss-security/2026/03/12/1

Scores

CVSS v3 6.3

EPSS 0.0011

EPSS Percentile 28.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Lab Environment

COMMUNITY

Community Lab

docker pull eclipse-temurin:11-jdk-focal

docker pull livy-dev-spark:latest

docker pull livy-dev-server:latest

docker pull livy-dev-base:latest

https://github.com/sid6224/CVE-2025-60012-POC

View in Library

Details

CWE

CWE-20

Status published

Products (3)

apache/livy 0.7.0 - 0.9.0

Apache Software Foundation/Apache Livy 0.7.0-incubating - 0.9.0-incubating

org.apache.livy/livy-server 0.7.0-incubating - 0.9.0-incubatingMaven

Published Mar 13, 2026

Tracked Since Mar 14, 2026