Description

Deserialization of Untrusted Data vulnerability in Apache DolphinScheduler RPC module. This issue affects Apache DolphinScheduler:  Version >= 3.2.0 and < 3.3.1. Attackers who can access the Master or Worker nodes can compromise the system by creating a StandardRpcRequest, injecting a malicious class type into it, and sending RPC requests to the DolphinScheduler Master/Worker nodes. Users are recommended to upgrade to version [3.3.1], which fixes the issue.

INFO

Published Date :

2026-04-24T10:54:55.162Z

Last Modified :

2026-04-24T11:28:22.000Z

Source :

apache
AFFECTED PRODUCTS

The following products are affected by CVE-2025-62233 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-62233.

URL Resource
https://lists.apache.org/thread/79s80h51r4z5d4l2xs5xy364rmmo1bw0 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System