Apache Ignite Class Serialization Filter Bypass Vulnerability Leading to Remote Code Execution

Vulnerability

A remote code execution vulnerability exists in Apache Ignite versions from 2.6.0 up to, but not including, 2.17.0. In these versions, Class Serialization Filters are not properly enforced on certain server endpoints. The flaw can be exploited by sending those endpoints a crafted Ignite message containing a vulnerable object from the server's classpath. If the server deserializes this message, it may execute arbitrary code, potentially compromising the server.

Impact

Exploitation of this vulnerability allows for remote code execution on the Apache Ignite server.
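
An inventory check for the affected range stated above, as an added example that is not part of the original advisory or of the Apache Ignite project. It assumes Maven-style jar names such as ignite-core-2.14.0.jar; the function names and the conservative handling of qualified builds (for example -SNAPSHOT) are choices made for this example.

```python
import re
import sys
from pathlib import Path

# Affected range as stated in the advisory: 2.6.0 <= version < 2.17.0
AFFECTED_MIN = (2, 6, 0)
FIXED_IN = (2, 17, 0)

# Assumption: Maven-style artifact naming, e.g. ignite-core-2.14.0.jar,
# optionally with a "-QUALIFIER" suffix such as -SNAPSHOT.
JAR_RE = re.compile(r"^ignite-core-(\d+)\.(\d+)\.(\d+)(-[A-Za-z0-9.]+)?\.jar$")


def parse_version(jar_name):
    """Return ((major, minor, patch), qualifier) or None if not an ignite-core jar."""
    m = JAR_RE.match(jar_name)
    if not m:
        return None
    return tuple(int(x) for x in m.group(1, 2, 3)), m.group(4)


def is_affected(jar_name):
    """True if inside the affected range, False if outside, None if unrecognised."""
    parsed = parse_version(jar_name)
    if parsed is None:
        return None
    version, qualifier = parsed
    # Conservative choice for this example: a qualified build of the fixed
    # version (e.g. 2.17.0-SNAPSHOT) may predate the fix, so flag it.
    if version == FIXED_IN and qualifier:
        return True
    # Tuple comparison is numeric, so 2.10.0 sorts after 2.6.0 (a plain
    # string comparison would get this wrong).
    return AFFECTED_MIN <= version < FIXED_IN


def scan(root):
    """Return the sorted paths of affected ignite-core jars under root."""
    hits = [str(p) for p in Path(root).rglob("ignite-core-*.jar")
            if is_affected(p.name)]
    return sorted(hits)


if __name__ == "__main__":
    # Usage: python check_ignite.py /opt/apps /srv/deployments
    found = [hit for root in sys.argv[1:] for hit in scan(root)]
    for hit in found:
        print("AFFECTED:", hit)
    sys.exit(1 if found else 0)
```

The script exits non-zero when an affected jar is found, so it can gate a deployment or run as a periodic inventory job.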

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 3.1
impact: 10.0
exploitability: 7.4
remediation: 0.0
relevance: 0.0
threat: 0.1
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.