20 matches found
EUVD-2025-9549
Malicious code in bioql PyPI...
Insecure Deserialization
com.typesafe.akka, akka-cluster-metrics is vulnerable to insecure deserialization. The vulnerability is due to the use of Java serialization without proper validation or safeguards in the akka-cluster-metrics module, which allows an attacker to exploit the deserialization process to execute...
CVE-2025-53393
In Akka through 2.10.6, akka-cluster-metrics uses Java serialization for cluster metrics...
akka-cluster-metrics uses Java serialization for cluster metrics
In Akka through 2.10.6, akka-cluster-metrics uses Java serialization for cluster metrics...
cc.akkaha:asura-cluster_2.12 (>=0.2.0 <=0.6.0), com.adobe.api.platform.runtime:mesos-actor (>=0.0.8_2.12 <=0.0.33) +42 more potentially affected by CVE-2025-53393 via com.typesafe.akka:akka-cluster-metrics_2.12 (>=2.4.16 <=2.7.0)
com.typesafe.akka:akka-cluster-metrics_2.12 MAVEN version =2.4.16, =0.2.0, =0.0.8_2.12, =3.6.0, =3.3.0, =0.1.0, =0.0.0, =0.0.0, =0.0.0, =0.0.0, =0.0.0, =0.0.0, =3.1.0-35emr770 and more Source cves: CVE-2025-53393 Source advisory: SNYK:JAVA-COMTYPESAFEAKKA-10567747...
com.ing.baker:bakery-interaction-k8s-interaction-manager_2.13 (>=3.6.2 <=5.0.0), com.ing.baker:bakery-state-k8s_2.13 (=3.5.0) +8 more potentially affected by CVE-2025-53393 via com.typesafe.akka:akka-cluster-metrics_2.13 (>=2.6.11 <=2.9.0-M2)
com.typesafe.akka:akka-cluster-metrics_2.13 MAVEN version =2.6.11, =3.6.2, =3.5.0, =22.10.0, =0.1.6, =0.1.0-beta5, =2.9.1, =3.30.0, =3.31.0 Source cves: CVE-2025-53393 Source advisory: SNYK:JAVA-COMTYPESAFEAKKA-10567746...
GHSA-358M-FQ53-HP87 akka-cluster-metrics uses Java serialization for cluster metrics
In Akka through 2.10.6, akka-cluster-metrics uses Java serialization for cluster metrics...
CVE-2025-53393
In Akka through 2.10.6, akka-cluster-metrics uses Java serialization for cluster metrics...
CVE-2025-53393
In Akka through 2.10.6, akka-cluster-metrics uses Java serialization for cluster metrics...
CVE-2025-53393
In Akka through 2.10.6, akka-cluster-metrics uses Java serialization for cluster metrics...
CVE-2025-53393
CVE-2025-53393 affects Akka up to version 2.10.6, where akka-cluster-metrics uses Java serialization for cluster metrics. The root cause is deserialization of serialized objects within the MessageSerializer pathway, which the linked sources describe in SNYK/GHSA notices. The CVE entry provides a ...
CVE-2025-53393
In Akka through 2.10.6, akka-cluster-metrics uses Java serialization for cluster metrics...
Akka Code Issue Vulnerability
Akka is an open-source, expressive SDK and platform from Akka for developing, deploying and operating enterprise agent services. A code issue vulnerability exists in Akka 2.10.6 and earlier versions that stems from the use of Java serialization to process cluster metrics...
PT-2025-27331 · Akka · Akka
Name of the Vulnerable Software and Affected Versions: Akka versions through 2.10.6 Description: The issue concerns the use of Java serialization for cluster metrics in the akka-cluster-metrics component. Recommendations: For versions through 2.10.6, consider disabling Java serialization for...
Grafana Tempo Operator Vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
A flaw was found in the Tempo Operator. When the Jaeger UI Monitor Tab functionality is enabled in a Tempo instance managed by the Tempo Operator, the Operator creates a ClusterRoleBinding for the Service Account of the Tempo instance to grant the cluster-monitoring-view ClusterRole. This can be...
GHSA-5XF3-GMX4-529V Grafana Tempo Operator Vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
A flaw was found in the Tempo Operator. When the Jaeger UI Monitor Tab functionality is enabled in a Tempo instance managed by the Tempo Operator, the Operator creates a ClusterRoleBinding for the Service Account of the Tempo instance to grant the cluster-monitoring-view ClusterRole. This can be...
CVE-2025-2842
A flaw was found in the Tempo Operator. When the Jaeger UI Monitor Tab functionality is enabled in a Tempo instance managed by the Tempo Operator, the Operator creates a ClusterRoleBinding for the Service Account of the Tempo instance to grant the cluster-monitoring-view ClusterRole. This can be...
Incorrect Default Permissions
Overview Affected versions of this package are vulnerable to Incorrect Default Permissions when using the Jaeger UI Monitor tab on OpenShift. A user with create permissions on TempoStack and get permissions on a namespaced Secret can read the token of the Tempo service account and subsequently...
Incorrect Default Permissions
Overview Affected versions of this package are vulnerable to Incorrect Default Permissions when using the Jaeger UI Monitor tab on OpenShift. A user with create permissions on TempoStack and get permissions on a namespaced Secret can read the token of the Tempo service account and subsequently...
Grafana Tempo operator Information Disclosure Vulnerability
Grafana Tempo operator is a Kubernetes operator for Grafana Tempo, open-sourced by Grafana. An information disclosure vulnerability exists in the Grafana Tempo operator, which stems from the possibility of disclosing cluster metrics when the Jaeger UI Monitor Tab feature is enabled...