CVE-2026-25747

🗓️ 23 Feb 2026 08:45:45Reported by apacheType

Camel LevelDB deserialization flaw enables code execution via crafted serialized data in DefaultLevelDBSerializer.

Reporter	Title	Published	Views	Family All 18
GithubExploit	Exploit for CVE-2026-25747	9 Feb 202609:37	–	githubexploit
ATTACKERKB	CVE-2026-25747	23 Feb 202608:45	–	attackerkb
ATTACKERKB	CVE-2026-27172	27 Apr 202609:59	–	attackerkb
ATTACKERKB	CVE-2026-40858	27 Apr 202609:38	–	attackerkb
Circl	CVE-2026-25747	18 Feb 202617:24	–	circl
CNNVD	Apache Camel 安全漏洞	23 Feb 202600:00	–	cnnvd
Cvelist	CVE-2026-25747 Apache Camel LevelDB: Deserialization of Untrusted Data in Camel LevelDB	23 Feb 202608:45	–	cvelist
Github Security Blog	Apache Camel Deserializes Untrusted Data in its LevelDB Component	23 Feb 202609:31	–	github
NVD	CVE-2026-25747	23 Feb 202609:17	–	nvd
OSV	CVE-2026-25747	23 Feb 202609:17	–	osv

NVD

Vulners

Node

apache camelRange3.0.0–4.10.9

apache camelRange4.11.0–4.14.5

apache camelRange4.15.0–4.18.0

[
  {
    "collectionURL": "https://repo.maven.apache.org/maven2",
    "defaultStatus": "unaffected",
    "packageName": "org.apache.camel:camel-leveldb",
    "product": "Apache Camel LevelDB",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThan": "4.10.9",
        "status": "affected",
        "version": "3.0.0",
        "versionType": "semver"
      },
      {
        "lessThan": "4.14.5",
        "status": "affected",
        "version": "4.14.0",
        "versionType": "semver"
      },
      {
        "lessThan": "4.18.0",
        "status": "affected",
        "version": "4.15.0",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
camel	www.camel.apache.org/security/CVE-2026-25747.html
github	www.github.com/oscerd/CVE-2026-25747
openwall	www.openwall.com/lists/oss-security/2026/02/18/6

17 Jun 2026 10:25Current

6.3Medium risk

Vulners AI Score6.3

CVSS 3.18.8

EPSS0.01274

SSVC

CWE-502