Skip to main content

AI / ML CVE-2025-60012

| EUVDEUVD-2025-208637 MEDIUM
Improper Input Validation (CWE-20)
2026-03-13 apache GHSA-hm8x-rpgg-7855
6.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.3 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
Low

Lifecycle Timeline

4
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 13, 2026 - 16:57 euvd
EUVD-2025-208637
Analysis Generated
Mar 13, 2026 - 16:57 vuln.today
CVE Published
Mar 13, 2026 - 15:23 nvd
MEDIUM 6.3

Blast Radius

ecosystem impact
† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth
  • 4 maven packages depend on org.apache.livy:livy-server (4 direct, 0 indirect)

Ecosystem-wide dependent count for version 0.7.0-incubating.

DescriptionCVE.org

Malicious configuration can lead to unauthorized file access in Apache Livy.

This issue affects Apache Livy 0.7.0 and 0.8.0 when connecting to Apache Spark 3.1 or later.

A request that includes a Spark configuration value supported from Apache Spark version 3.1 can lead to users gaining access to files they do not have permissions to.

For the vulnerability to be exploitable, the user needs to have access to Apache Livy's REST or JDBC interface and be able to send requests with arbitrary Spark configuration values.

Users are recommended to upgrade to version 0.9.0 or later, which fixes the issue.

AnalysisAI

Apache Livy versions 0.7.0 and 0.8.0 contain an improper input validation vulnerability (CWE-20) that allows authenticated users to bypass file access controls by injecting malicious Spark configuration values when connecting to Apache Spark 3.1 or later. An attacker with access to Livy's REST or JDBC interface can craft requests with arbitrary Spark configuration parameters to gain unauthorized access to files they do not have permissions to read or modify. This vulnerability is of moderate severity (CVSS 6.3) but requires valid authentication and is fixed in version 0.9.0 and later.

Technical ContextAI

Apache Livy is an open-source REST/JDBC interface for interacting with Apache Spark clusters. The vulnerability stems from improper sanitization of Spark configuration values passed through the REST and JDBC APIs (CVE-2025-60012 affects cpe:2.3:a:apache:livy:0.7.0 and cpe:2.3:a:apache:livy:0.8.0). The root cause is classified as CWE-20 (Improper Input Validation), indicating that Livy fails to adequately validate or filter Spark configuration parameters before forwarding them to the Spark cluster. Starting with Apache Spark 3.1, new configuration options were introduced that can be abused to manipulate file access permissions or redirect file operations. Since Livy acts as a trusted intermediary between clients and Spark, it should enforce strict whitelisting of permitted configurations; instead, it appears to pass user-supplied configurations directly to Spark without proper validation, allowing attackers to exploit Spark 3.1+ features to circumvent file-level access controls.

RemediationAI

Immediately upgrade Apache Livy to version 0.9.0 or later, which contains the security fix. For users unable to upgrade immediately, restrict access to Livy's REST and JDBC interfaces to a minimum set of trusted authenticated users and use network-level access controls (firewall rules, VPN requirements) to limit exposure to the affected endpoints. Consider deploying a reverse proxy in front of Livy that validates and sanitizes Spark configuration parameters before they reach the application, explicitly blocking any configuration keys that could be abused for file access manipulation. Additionally, review audit logs for any suspicious Spark configuration submissions and validate file access patterns to detect potential unauthorized access attempts. Downgrade Apache Spark to a version prior to 3.1 if operationally feasible, though this is typically not a viable long-term solution given the security and feature improvements in newer Spark versions.

CVE-2026-23744 CRITICAL POC
9.8 Jan 16

MCPJam Inspector versions 1.4.2 and earlier allow unauthenticated remote code execution through missing authentication i

CVE-2024-8859 HIGH POC
7.5 Mar 20

A path traversal vulnerability exists in mlflow/mlflow version 2.15.1. Rated high severity (CVSS 7.5), this vulnerabilit

CVE-2026-27966 CRITICAL POC
9.8 Feb 26

Code injection in Langflow CSV Agent node before 1.8.0. The node hardcodes allow_dangerous_code=True, enabling arbitrary

CVE-2026-0770 CRITICAL POC
9.8 Jan 23

Langflow has a third RCE vulnerability via exec_globals (EPSS 10.0%) allowing inclusion of untrusted code that executes

CVE-2026-27597 CRITICAL POC
10.0 Feb 25

Sandbox escape in Enclave JavaScript sandbox before 2.11.1. Enclave is designed for safe AI agent code execution — the e

CVE-2026-22686 CRITICAL POC
10.0 Jan 14

enclave-vm JavaScript sandbox (before 2.7.0) has a critical sandbox escape. When a tool invocation fails, a host-side Er

CVE-2025-2828 CRITICAL POC
10.0 Jun 23

A remote code execution vulnerability in langchain-ai/langchain (CVSS 10.0). Risk factors: public PoC available. Vendor

CVE-2026-1470 CRITICAL POC
9.9 Jan 27

n8n has a fifth critical RCE vulnerability (CVSS 9.9) in the Expression evaluator, enabling code execution through craft

CVE-2026-24770 CRITICAL POC
9.8 Jan 27

Path traversal vulnerability in RAGFlow RAG engine version 0.23.1 allows unauthenticated attackers to read arbitrary fil

CVE-2026-22688 CRITICAL POC
9.9 Jan 10

WeKnora LLM framework (before 0.2.5) allows authenticated users to inject MCP stdio commands that the server executes as

CVE-2026-30861 CRITICAL POC
9.9 Mar 07

OS command injection in WeKnora from version 0.2.5 allows authenticated users to execute arbitrary system commands. CVSS

CVE-2026-29042 CRITICAL POC
9.8 Mar 06

Shell command injection in Nuclio serverless framework before 1.15.20. PoC and patch available.

Share

CVE-2025-60012 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy