CVE-2021-25646 — AI Deep Analysis Summary

🚨 **Essence**: Apache Druid **Access Control Error** allowing arbitrary code execution.…

🛡️ **Root Cause**: **Access Control Error** (Bypass). <br>🔍 **Flaw**: Lack of proper authorization checks allows overriding system configurations via requests.…

📦 **Affected**: **Apache Druid**. <br>📅 **Versions**: **0.20.0 and earlier**. <br>🏢 **Vendor**: Apache Software Foundation.

👑 **Privileges**: **Server Process Privileges** (Root/Admin level). <br>📂 **Data**: Full control over the server, arbitrary code execution, potential data exfiltration or system compromise.

⚠️ **Threshold**: **Medium**. <br>🔑 **Auth**: Requires **Authentication** (though default configs may lack it, the vuln specifically mentions 'authenticated users').…

🔓 **Public Exp**: **YES**. <br>📜 **PoCs**: Multiple Python scripts, C# GUI tools, and HTTP POST payloads available on GitHub (e.g., `cve-2021-25646.py`). <br>🌐 **Wild Exp**: Active exploitation tools exist.

🔍 **Self-Check**: <br>1. Use Python PoC scripts (e.g., `python3 cve-2021-25646.py -h <target>`). <br>2. Check for **DNSLog** callbacks. <br>3. Scan for default ports (e.g., **8888**) and Druid console titles.

✅ **Fixed**: **YES**. <br>🛠️ **Patch**: Released in **Druid 0.21.0**. <br>📢 **Source**: Apache mailing lists confirm fix in branch 0.21.0.

🚧 **No Patch Workaround**: <br>1. **Restrict Access**: Block port 8888 via firewall/WAF. <br>2. **Enable Auth**: Ensure strict authentication is enabled (if possible in older versions). <br>3.…

🔥 **Urgency**: **HIGH**. <br>📉 **Priority**: **Critical**. <br>💡 **Reason**: RCE with high privileges, public PoCs available, and many legacy systems still on 0.20.0 or earlier.…