Platform
java
Component
org.apache.linkis:linkis
Fixed version
1.7.1
1.8.0
CVE-2025-29847 is an Arbitrary File Access vulnerability discovered in Apache Linkis. This flaw allows attackers to potentially gain unauthorized access to system files through manipulated JDBC parameters. The vulnerability impacts versions of Apache Linkis from 1.3.0 up to and including 1.7.0. A fix is available in version 1.8.0.
An attacker can exploit this vulnerability by crafting a malicious JDBC URL with multiple rounds of URL encoding. This bypasses Linkis's intended security checks, allowing the attacker to specify arbitrary file paths. Successful exploitation could lead to the disclosure of sensitive system files, including configuration data, credentials, or even executable code. The potential blast radius extends to any system accessible through the Linkis JDBC engine, and the impact could be significant depending on the data exposed. This vulnerability highlights the importance of proper input validation and sanitization, particularly when handling user-supplied data in JDBC connections.
CVE-2025-29847 was published on 2026-01-19. There is no indication of active exploitation or inclusion in the CISA KEV catalog at the time of writing. Public proof-of-concept (POC) code is currently unavailable, but the vulnerability's nature suggests that a POC could be developed relatively easily. The severity is rated HIGH due to the potential for unauthorized file access.
Organizations deploying Apache Linkis for data processing and analytics are at risk, particularly those relying on the JDBC engine for connecting to external data sources. Environments with legacy Linkis installations (versions 1.3.0 - 1.7.0) are especially vulnerable, as are those with complex JDBC configurations or inadequate input validation.
• java / server:
find /opt/linkis/logs -type f -name "*.log" -exec grep -il "JDBC URL contains multiple encoded characters" {} +
• generic web:
curl -sI "<linkis_jdbc_url_endpoint>" | grep -i "URL-encoded characters"
Exploit status
EPSS
0.10% (28th percentile)
CVSS vector
The primary mitigation is to upgrade Apache Linkis to version 1.8.0 or later, which includes the fix for this vulnerability. If upgrading immediately is not feasible, a temporary workaround involves implementing stricter checks on JDBC connection URLs. Specifically, the Linkis system should continuously check for the presence of the '%' character in the connection information. If found, perform URL decoding to reveal any potentially malicious characters. Consider implementing a Web Application Firewall (WAF) rule to block requests containing excessively encoded URLs. After upgrading, confirm the fix by attempting to connect with a crafted URL containing multiple encoded characters; the connection should be rejected.
Upgrade Apache Linkis to version 1.8.0 or later. Alternatively, continuously check the connection information for the '%' character and perform URL decoding if it is present, to prevent the system's checks from being bypassed.
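The workaround above (look for '%', decode, then check) can be sketched as follows. This is an added example, not Apache Linkis code: the class and method names, the round limit and the `blockedParam` deny-list entry are assumptions made for illustration.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.List;
import java.util.Locale;

// Added example, not Apache Linkis code; class, method and parameter names are hypothetical.
public class JdbcUrlDecodeCheck {
    // Assumption: values needing more decoding rounds than this are rejected outright.
    private static final int MAX_ROUNDS = 5;

    /** Decodes repeatedly until no '%' is left, so nested encodings cannot hide characters. */
    static String fullyDecode(String value) {
        String current = value;
        for (int round = 0; current.indexOf('%') >= 0; round++) {
            if (round == MAX_ROUNDS) {
                throw new IllegalArgumentException("too many encoding layers in JDBC URL");
            }
            // URLDecoder turns '+' into a space, so protect literal '+' first.
            // Malformed escapes raise IllegalArgumentException, which the caller treats as a rejection.
            current = URLDecoder.decode(current.replace("+", "%2B"), StandardCharsets.UTF_8);
        }
        return current;
    }

    /** Returns true only if the fully decoded URL contains none of the blocked tokens. */
    static boolean isAllowed(String jdbcUrl, List<String> blockedTokens) {
        String decoded;
        try {
            decoded = fullyDecode(jdbcUrl).toLowerCase(Locale.ROOT);
        } catch (IllegalArgumentException e) {
            return false; // malformed or excessively nested encoding: fail closed
        }
        for (String token : blockedTokens) {
            if (decoded.contains(token.toLowerCase(Locale.ROOT))) {
                return false;
            }
        }
        return true;
    }

    public static void main(String[] args) {
        // Constructed inputs; "blockedParam" stands in for whatever the deployment's deny-list holds.
        List<String> deny = List.of("blockedParam");
        String plain = "jdbc:mysql://db.example.internal:3306/test?useSSL=true";
        String once = "jdbc:mysql://db.example.internal:3306/test?blocked%50aram=x";
        String twice = "jdbc:mysql://db.example.internal:3306/test?blocked%2550aram=x";
        System.out.println("plain allowed: " + isAllowed(plain, deny));
        System.out.println("single-encoded allowed: " + isAllowed(once, deny));
        System.out.println("double-encoded allowed: " + isAllowed(twice, deny));
    }
}
```

A check like this only helps if the URL is rejected on failure or the same fully decoded value is what gets handed to the driver; validating one form and connecting with another leaves the gap open.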
CVE-2025-29847 is a HIGH severity vulnerability in Apache Linkis affecting versions ≤1.7.0. It allows attackers to access system files through manipulated JDBC URLs.
If you are running Apache Linkis versions 1.3.0 through 1.7.0, you are potentially affected by this vulnerability. Upgrade to 1.8.0 or implement the recommended workaround.
The recommended fix is to upgrade Apache Linkis to version 1.8.0 or later. As a temporary workaround, implement stricter checks on JDBC connection URLs to detect and reject encoded characters.
There is currently no public information indicating active exploitation of CVE-2025-29847, but the vulnerability's nature suggests it could be exploited.
Refer to the Apache Linkis security advisory for details: [https://linkis.apache.org/security/](https://linkis.apache.org/security/)