Apache Seata Deserialization of Untrusted Data Vulnerability

Vulnerability

A deserialization of untrusted data vulnerability has been identified in Apache Seata (incubating), affecting versions from 2.0.0 up to, but not including, 2.2.0. The vulnerability is present when the Apache Seata Server runs in jraft mode.

Impact

Successful exploitation could allow an attacker to trigger deserialization of attacker-controlled data, potentially resulting in arbitrary code execution or other malicious actions, depending on the context in which Seata is deployed.

Remediation

Users are advised to upgrade to Apache Seata version 2.2.0 or later, which addresses this vulnerability.
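To turn the affected range above into something an operations team can run against a server inventory, the following added example (not part of this advisory, nor code from the Seata project) checks whether a reported Seata Server version falls within 2.0.0 inclusive to 2.2.0 exclusive and whether the server runs in jraft mode, the two conditions the advisory names. The inventory records, hostnames and versions in it are constructed sample data; the version parser is an assumption about the version strings an inventory might contain, not a Seata API.

```python
"""Affected-version check for the Apache Seata deserialization advisory.

Added example; not part of the advisory text or the Seata project. The
affected range (2.0.0 inclusive up to, but not including, 2.2.0) and the
jraft-mode condition come from the advisory. Everything else here
(the parser, the inventory records) is constructed for illustration.
"""
from __future__ import annotations

import re
from typing import Iterable

AFFECTED_FROM = (2, 0, 0)   # first affected release (inclusive)
FIXED_IN = (2, 2, 0)        # release that addresses the issue (exclusive bound)

# Accepts '2.1.0', 'v2.1' and '2.1.0-SNAPSHOT'; pre-release/build suffixes
# are ignored, so '2.0.0-SNAPSHOT' is conservatively treated as 2.0.0.
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)(?:\.(\d+))?(?:[-.+].*)?$")


def parse_version(text: str) -> tuple[int, int, int]:
    """Turn a version string into a comparable (major, minor, patch) tuple.

    Comparing tuples avoids the classic string-comparison trap where
    '2.10.0' < '2.2.0' because the character '1' sorts before '2'.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = m.group(1), m.group(2), m.group(3) or "0"
    return int(major), int(minor), int(patch)


def is_affected_version(version: str) -> bool:
    """True when the Seata Server version lies in [2.0.0, 2.2.0)."""
    return AFFECTED_FROM <= parse_version(version) < FIXED_IN


def needs_upgrade(version: str, mode: str) -> bool:
    """Apply both advisory conditions: affected version AND jraft mode.

    A vulnerable version running in another store mode is not flagged for
    this issue (it may still be worth upgrading for other reasons).
    """
    return mode.lower() == "jraft" and is_affected_version(version)


def flag_inventory(inventory: Iterable[dict]) -> list[str]:
    """Return the names of servers that match the advisory's conditions."""
    return [
        entry["name"]
        for entry in inventory
        if needs_upgrade(entry["version"], entry["mode"])
    ]


# Constructed sample inventory; hostnames, versions and modes are illustrative.
SAMPLE_INVENTORY = [
    {"name": "seata-tc-01", "version": "2.1.0", "mode": "jraft"},
    {"name": "seata-tc-02", "version": "2.2.0", "mode": "jraft"},   # fixed release
    {"name": "seata-tc-03", "version": "2.0.0-SNAPSHOT", "mode": "jraft"},
    {"name": "seata-tc-04", "version": "2.1.0", "mode": "db"},      # not jraft mode
    {"name": "seata-tc-05", "version": "1.8.0", "mode": "jraft"},   # below range
    {"name": "seata-tc-06", "version": "2.10.0", "mode": "jraft"},  # above range
]

if __name__ == "__main__":
    for name in flag_inventory(SAMPLE_INVENTORY):
        print(f"{name}: upgrade to Apache Seata 2.2.0 or later")
```

Run as a script it lists the servers that meet both conditions; the `2.10.0` entry is there to show why versions are compared as integer tuples rather than as strings, since a naive string comparison would wrongly place it inside the affected range.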

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating (Custom Algorithm)

  spread          1.4
  impact          7.5
  exploitability  7.0
  remediation     7.7
  relevance       0.0
  threat          0.0
  urgency         2.9
  incentive       5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.