CVE-2025-32896: Apache SeaTunnel Flaw Enables Unauthenticated File Read &- RCE - #CVE-2025-32896
A critical vulnerability, CVE-2025-32896, has been discovered in Apache SeaTunnel, a widely-used distributed data integration platform. This security flaw allows unauthenticated attackers to read arbitrary files and execute remote code through deserialization attacks, exploiting a legacy REST API endpoint. The vulnerability poses a significant risk to large organizations utilizing SeaTunnel for data integration. To address this issue, users are strongly advised to upgrade to Apache SeaTunnel version 2.3.11 or later, enable RESTful API v2, and implement HTTPS two-way authentication for all SeaTunnel nodes. The vulnerability has been successfully patched in pull request #9010, which enhances access control measures and secures the API endpoints, mitigating the potential for unauthorized access and malicious exploitation.