Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Network-accessible UI with authenticated low-privilege user required; file read yields high confidentiality, file truncation yields high integrity and availability impact.
Primary rating from Vendor (apache).
CVSS VectorVendor: apache
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Lifecycle Timeline
3DescriptionCVE.org
SQL misconfiguration in the Gravitino UI, in versions 1.0.0 and below, can allow a malicious user to read or truncate files. Users are recommended to upgrade to version 1.0.0, which fixes this issue.
AnalysisAI
SQL injection in the Apache Gravitino UI exposes server-side files to authenticated malicious users, enabling unauthorized file read and file truncation on the underlying host. Affected versions are listed as 1.0.0 and below, though the advisory contains an apparent inconsistency - the fix is attributed to version 1.0.0 itself, suggesting the actual patched release may be a later point version. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog.
Technical ContextAI
Apache Gravitino is a relatively new Apache Software Foundation project providing a unified metadata lake and table format governance layer for data lakehouses. CWE-89 identifies the root cause as SQL injection - specifically described as a 'SQL misconfiguration' in the Gravitino UI, likely involving an embedded or backend SQL engine (such as H2, HSQLDB, or a similar in-process database commonly used in Java-based metadata platforms) where SQL file-operation functions (e.g., LOAD_FILE, TRUNCATE, CSVREAD, or RUNSCRIPT equivalents) are not properly restricted. Rather than a classic data exfiltration injection, the impact is file-system-level: the injected SQL leverages database-native file I/O capabilities to read arbitrary files or truncate them on the server. The CPE confirms the affected product as cpe:2.3:a:apache_software_foundation:apache_gravitino:*:*:*:*:*:*:*:*.
RemediationAI
The vendor advisory recommends upgrading Apache Gravitino to version 1.0.0 as the fix, though this conflicts with the affected-version range also citing 1.0.0 - consult https://lists.apache.org/thread/s0hytcv17z52dwp5dojjjwgrtqtyh2xk to confirm the exact patched version (likely a subsequent point release). Until upgrade is possible, restrict access to the Gravitino UI to trusted, least-privilege users only, and apply network-layer controls to prevent exposure of the UI to untrusted networks. If the underlying SQL engine supports disabling file I/O functions (e.g., setting H2's ALLOW_LITERALS or disabling RUNSCRIPT), apply those restrictions at the database configuration level. Audit which OS-level files are readable by the process account running Gravitino and minimize those permissions to reduce the blast radius of file-read exploitation.
More in Apache Gravitino
View allSame weakness CWE-89 – SQL Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-210372
GHSA-7ph3-grqh-pv9v