CVE-2025-32896: Apache SeaTunnel: Unauthenticated insecure access

June 19, 2025

Unauthorized users can perform Arbitrary File Read and Deserialization attack by submit job using restful api-v1.

References

github.com/advisories/GHSA-9x53-gr7p-4qf5
github.com/apache/seatunnel
github.com/apache/seatunnel/commit/53325aa3e76e3939f41a4bf3eaaf3ee56f13f311
github.com/apache/seatunnel/pull/9010
lists.apache.org/thread/qvh3zyt1jr25rgvw955rb8qjrnbxfro9
nvd.nist.gov/vuln/detail/CVE-2025-32896

Code Behaviors & Features

Detect and mitigate CVE-2025-32896 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →