CVE Daily

CVE-2025-53606

Deserialization of Untrusted Data vulnerability in Apache Seata (incubating). T...

Critical CVSS 9.8

Overview

Deserialization of Untrusted Data vulnerability in Apache Seata (incubating).

This issue affects Apache Seata (incubating): 2.4.0.

Users are recommended to upgrade to version 2.5.0, which fixes the issue.

CWE: CWE-502 Published: 2025-08-08T10:15:26.547
Risk analysis

This vulnerability is rated 🔴 CRITICAL.

  • CVSS: 9.8 (CRITICAL)
  • Detected tags: apache, deserialization (tag impact: MODERATE)

Recommended actions:

  • Avoid untrusted deserialization; prefer safe formats (JSON) and signatures.

Recommended tools

Tags