ГлавнаяУязвимости → CVE-2025-68637
9.1критическая

CVE-2025-68637

Описание

The Uniffle HTTP client is configured to trust all SSL certificates and disables hostname verification by default. This insecure configuration exposes all REST API communication between the Uniffle CLI/client and the Uniffle Coordinator service to potential Man-in-the-Middle (MITM) attacks. This issue affects all versions from before 0.10.0. Users are recommended to upgrade to version 0.10.0, which fixes the issue.

Затрагиваемое ПО
Apache Uniffle
CVSS
Балл9.1 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Источники
https://lists.apache.org/thread/trvdd11hmpbjno3t8rc9okr4t036ox2vhttp://www.openwall.com/lists/oss-security/2025/12/27/2