The Apache Software Foundation has discovered three critical vulnerabilities in Apache Ambari, a popular platform for managing Hadoop clusters. Hadoop is an open-source system for storing and processing big data on distributed computer clusters. These vulnerabilities expose the system to remote code execution attacks and sensitive data leaks.
These vulnerabilities are tracked as CVE-2025-23195, CVE-2025-23196, and CVE-2024-51941, affecting various versions and components of Apache Ambari:
- CVE-2025-23195: This is an XML External Entity (XXE) vulnerability in the Ambari/Oozie integration. An attacker can exploit this vulnerability to read arbitrary files on the server, exposing sensitive configuration data or user information. Additionally, if successfully exploited, this vulnerability can lead to Server-Side Request Forgery (SSRF) attacks, allowing attackers to interact with internal services and further compromise the system.
- CVE-2025-23196: This is a code injection vulnerability in the Alert Definition feature of Ambari. This vulnerability allows an authenticated attacker to execute arbitrary shell commands on the server, leading to system takeover, data theft, and disruption of critical services.
- CVE-2024-51941: This is another code injection vulnerability, found in the Ambari Metrics and AMS Alerts feature. Similar to CVE-2025-23196, this vulnerability also allows an authenticated attacker to execute arbitrary shell commands, posing a high risk to the safety and security of the system.
The Apache Software Foundation has fixed these vulnerabilities in the latest versions. Users are advised to upgrade to version 2.7.9 or later to mitigate cybersecurity risks.

According to Security Online