Critical Published: Aug 08, 2025 Modified: Nov 04, 2025

CVE-2025-53606

9.8 CVSS Score

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

Deserialization of Untrusted Data vulnerability in Apache Seata (incubating).

This issue affects Apache Seata (incubating): 2.4.0.

Users are recommended to upgrade to version 2.5.0, which fixes the issue.

CVSS Vector Details

Attack Vector Network

Attack Complexity Low

Privileges Required None

User Interaction None

Scope Unchanged

Confidentiality High

Integrity High

Availability High

Affected Software Configurations

a apache seata 2.4.0 * * * * * * *

Weaknesses (CWE)

CWE-502

References & External Links

https://lists.apache.org/thread/ggfd72vvvxjozs81zbcls45zxg64pphx
http://www.openwall.com/lists/oss-security/2025/08/07/1

External Resources

NVD Official Record Exploit-DB Search Exploits CVE Details Statistics GitHub PoC / Tools X / Twitter Discussions Google Search More

← Back to CVE Tracker