Lucene search
+L

CVE-2025-60012

🗓️ 13 Mar 2026 15:23:07Reported by apacheType 
cve
 cve
🔗 web.nvd.nist.gov👁 12 Views🌐 WEB

Apache Livy 0.7.0 and 0.8.0 allow unauthorized file access via Spark configuration values with Spark 3.1+, upgrade to 0.9.0.

Related
Detection
Affected
Refs
Paths
ReporterTitlePublishedViews
Family
ATTACKERKB
CVE-2025-60012
13 Mar 202615:23
attackerkb
GithubExploit
Exploit for CVE-2025-60012
15 Mar 202615:17
githubexploit
Circl
CVE-2025-60012
12 Mar 202618:19
circl
CNNVD
Apache Livy 输入验证错误漏洞
13 Mar 202600:00
cnnvd
CNVD
Apache Livy Input Validation Error Vulnerability
19 Mar 202600:00
cnvd
Cvelist
CVE-2025-60012 Apache Livy: Restrict file access
13 Mar 202615:23
cvelist
EUVD
EUVD-2025-208637
13 Mar 202621:31
euvd
Github Security Blog
Apache Livy: Restrict file access
13 Mar 202621:31
github
NVD
CVE-2025-60012
13 Mar 202619:53
nvd
OSV
GHSA-HM8X-RPGG-7855 Apache Livy: Restrict file access
13 Mar 202621:31
osv
Rows per page
NVD
Vulners
Node
apachelivyRange0.7.00.9.0
[
  {
    "collectionURL": "https://repo.maven.apache.org/maven2",
    "defaultStatus": "unaffected",
    "packageName": "org.apache.livy:livy-server",
    "product": "Apache Livy",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThan": "0.9.0-incubating",
        "status": "affected",
        "version": "0.7.0-incubating",
        "versionType": "semver"
      }
    ]
  }
]
ParameterPositionPathDescriptionCWE
kindrequest body/sessionsUnauthenticated path bypass via spark.archives not validated against whitelist in vulnerable Livy versions.CWE-20
conf.spark.archivesrequest body/sessionsUnauthenticated path bypass via spark.archives not validated against whitelist in vulnerable Livy versions.CWE-20
kindrequest body/sessionsPath traversal bypass using spark.jars with ../ traversal bypassing whitelist in vulnerable Livy versions.CWE-20
conf.spark.jarsrequest body/sessionsPath traversal bypass using spark.jars with ../ traversal bypassing whitelist in vulnerable Livy versions.CWE-20

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

17 Jun 2026 09:49Current
5.8Medium risk
Vulners AI Score5.8
CVSS 3.16.3
EPSS0.00488
SSVC
12