CNNVD-202512-3764 Information

CNNVD ID

CNNVD-202512-3764

Related CVE

CVE-2025-66524

• CNNVD Published: 2025-12-19

Description (Chinese)

Apache NiFi是美国阿帕奇（Apache）基金会的一套数据处理和分发系统。该系统主要用于数据路由、转换和系统中介逻辑。 Apache NiFi 1.20.0版本至2.6.0版本存在代码问题漏洞，该漏洞源于GetAsanaObject Processor使用未过滤的Java对象反序列化，可能导致执行任意代码。

Description (English)

Apache NiFi is a data-processing and distribution system of the Apache Foundation in the United States. The system is mainly used for data route, conversion and system intermediation logic. There is a code gap between Appache NiFi 1.20.0 and 2.6.0, which stems from the back-sequencing of the unfiltered Java object by GetAsanaObject Processor, which may lead to the execution of any code.

Hazard Level

Low

Vulnerability Type

代码问题

Affected Vendor

阿帕奇

Published

2025-12-19

Last Modified

2026-02-24

References

https://lists.apache.org/thread/k9h004ydjg7opdvxr0nfywtzf33z60d7 http://www.openwall.com/lists/oss-security/2025/12/18/2 https://access.redhat.com/security/cve/cve-2025-66524

Patch

https://nifi.apache.org/download/