CVE-2025-62228— Apache Flink CDC, Apache Flink CDC, Apache Flink CDC, Apache Flink CDC, Apache Flink CDC: SQL injection via maliciously crafted identifiers

EPSS 0.04% · P11 Updated Nov 05, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2025-62228

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Apache Flink CDC, Apache Flink CDC, Apache Flink CDC, Apache Flink CDC, Apache Flink CDC: SQL injection via maliciously crafted identifiers

Source: NVD (National Vulnerability Database)

Vulnerability Description

Apache Flink CDC version 3.4.0 was vulnerable to a SQL injection via maliciously crafted identifiers eg. crafted database name or crafted table name. Even through only the logged-in database user can trigger the attack, we recommend users update Flink CDC version to 3.5.0 which address this issue.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

SQL命令中使用的特殊元素转义处理不恰当(SQL注入)

Source: NVD (National Vulnerability Database)

Vulnerability Title

Apache Flink CDC SQL注入漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Apache Flink CDC是Apache基金会的一个实时数据捕获框架。 Apache Flink CDC 3.4.0版本存在SQL注入漏洞，该漏洞源于对特制标识符如数据库名或表名处理不当，可能导致SQL注入攻击。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE
Apache Software Foundation	Apache Flink CDC	3.0.0 ~ 3.4.0	-
Apache Software Foundation	Apache Flink CDC	3.0.0 ~ 3.4.0	-
Apache Software Foundation	Apache Flink CDC	3.0.0 ~ 3.4.0	-
Apache Software Foundation	Apache Flink CDC	3.0.0 ~ 3.4.0	-
Apache Software Foundation	Apache Flink CDC	3.3.0 ~ 3.4.0	-

II. Public POCs for CVE-2025-62228

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2025-62228

请登录查看更多情报信息。

IV. Related Vulnerabilities

Same vendor: Apache Software Foundation

Same weakness: CWE-89

V. Comments for CVE-2025-62228

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2025-62228— Apache Flink CDC, Apache Flink CDC, Apache Flink CDC, Apache Flink CDC, Apache Flink CDC: SQL injection via maliciously crafted identifiers

I. Basic Information for CVE-2025-62228

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2025-62228

III. Intelligence Information for CVE-2025-62228

IV. Related Vulnerabilities

V. Comments for CVE-2025-62228

Leave a comment