5 matches found
CVE-2024-47552
CVE-2024-47552 is a Deserialization of Untrusted Data vulnerability in Apache Seata (incubating). The initial record lists affected versions: 2.0.0 before 2.2.0, with a fix in 2.2.0. Connected advisories extend the affected range to 2.0.0 through 2.3.0 and recommend upgrading to 2.3.0. Exploitati...
CVE-2024-54016
CVE-2024-54016 describes an Improper Handling of Highly Compressed Data (Data Amplification) affecting Apache Seata (incubating) up to version 2.2.0. The issue is reported across multiple feeds as a vulnerability that could enable performance degradation due to oversized compressed input, with re...
CVE-2024-22399
CVE-2024-22399 describes a deserialization of untrusted data vulnerability in Apache Seata Server that can enable remote code execution when attackers exploit the Seata private protocol via serialized payloads. Affected are Seata versions ranging from 1.0.0 through 1.8.0 and 2.0.0, with exploitat...
CVE-2025-32897
CVE-2025-32897 describes a deserialization of untrusted data vulnerability in Apache Seata (incubating) affecting versions 2.0.0 up to but not including 2.3.0. The underlying issue is unsafe deserialization of serialized user data, enabling potential code execution. The CVSS v3.1 base score is 9....
CVE-2025-53606
CVE-2025-53606 describes a Deserialization of Untrusted Data vulnerability in Apache Seata (incubating) affecting version 2.4.0. The issue allows high-severity impact (CVSS 3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) with network-based exploitation and no user interaction required. The recom...