CNNVD-202512-2366 Information
Dec 12, 2025
cve
CNNVD ID
CNNVD-202512-2366
Related CVE
- CNNVD Published: 2025-12-12
Description (Chinese)
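Apache HugeGraph-Server is the server-side process of a graph database from the Apache Foundation. Apache HugeGraph-Server has a security vulnerability that stems from insecure Hessian deserialization in PD storage and may lead to remote code execution.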
Description (English)
Apache HugeGraph-Server is the server-side process of the Apache Foundation's graph database. It contains a security vulnerability caused by unsafe Hessian deserialization in PD storage, which may lead to remote code execution.
Hazard Level
Low
Vulnerability Type
Other
Affected Vendor
Apache
Published
2025-12-12
Last Modified
2026-02-24
References
https://github.com/apache/incubator-hugegraph/pull/2735
https://lists.apache.org/thread/ko8jkwbjbb99m45pg4sgo5xsm8gx9nsq
http://www.openwall.com/lists/oss-security/2025/12/09/1
Patch
https://lists.apache.org/thread/ko8jkwbjbb99m45pg4sgo5xsm8gx9nsq