CVE Catalog
CVE-2025-53648
MediumCVSS 5.4Exploitation Probability (EPSS)
Low risk0.35%
27th percentile — higher than 27% of all known CVEs
Summary
A SQL misconfiguration in the Gravitino UI, versions 1.0.0 and below, allows a malicious user to read or truncate files. The issue is fixed in version 1.0.0.
Risk Assessment
The organization is at risk of unauthorized file access and potential deletion, which could lead to data leakage or service disruption.
Recommendation
Upgrade Gravitino to version 1.0.0 immediately, which contains the fix for this vulnerability.
Original NVD description (English source)
SQL misconfiguration in the Gravitino UI, in versions 1.0.0 and below, can allow a malicious user to read or truncate files. Users are recommended to upgrade to version 1.0.0, which fixes this issue.

