CVE-2025-33042

ADVISORY - github

Summary

Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Avro Java SDK when generating specific records from untrusted Avro schemas.

This issue affects Apache Avro Java SDK: all versions through 1.11.4 and version 1.12.0.

Users are recommended to upgrade to version 1.12.1 or 1.11.5, which fix the issue.

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-94⁠

Improper Control of Generation of Code ('Code Injection')

ADVISORY - github

CWE-94⁠

Improper Control of Generation of Code ('Code Injection')

ADVISORY - redhat

CWE-94⁠

Improper Control of Generation of Code ('Code Injection')

Impacted images

Advisories

NIST

CREATED

15 hours ago

UPDATED

8 hours ago

ADVISORY IDCVE-2025-33042⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-94⁠

CVSS SCORE

7.3high

GitHub

CREATED

15 hours ago

UPDATED

7 hours ago

ADVISORY IDGHSA-rp46-r563-jrc7⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-94⁠

CVSS SCORE

6.9medium

Red Hat

CREATED

16 hours ago

UPDATED

2 hours ago

ADVISORY IDCVE-2025-33042⁠

EXPLOITABILITY SCORE

2.2

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-94⁠

CVSS SCORE

5.6medium