CVE Catalog

CVE-2025-53648

MediumCVSS 5.4
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.35%

27th percentile — higher than 27% of all known CVEs

Summary

A SQL misconfiguration in the Gravitino UI, versions 1.0.0 and below, allows a malicious user to read or truncate files. The issue is fixed in version 1.0.0.

Risk Assessment

The organization is at risk of unauthorized file access and potential deletion, which could lead to data leakage or service disruption.

Recommendation

Upgrade Gravitino to version 1.0.0 immediately, which contains the fix for this vulnerability.

Original NVD description (English source)

SQL misconfiguration in the Gravitino UI, in versions 1.0.0 and below, can allow a malicious user to read or truncate files. Users are recommended to upgrade to version 1.0.0, which fixes this issue.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS