CVE-2025-32896: Apache SeaTunnel - Unauthenticated Insecure Access Severity: Moderate Affected Versions: Apache SeaTunnel 2.3.1 through 2.3.10 Description: Summary Unauthorized users can perform Arbitrary File Read and Deserialization attack by submitting a job using the restful api-v1. Details Unauthorized users can access to submit a job. An attacker can set extra parameters in the MySQL URL to perform an Arbitrary File Read and Deserialization attack. Fixed This issue affects Apache SeaTunnel <= 2.3.10. Recommendations Users are recommended to upgrade to version 2.3.11 and enable restful api-v2 & open HTTPS two-way authentication, which fixes the issue. Credit: Owen Amadeus (reporter) References: https://seatunnel.apache.org https://www.cve.org/CVERecord?id=CVE-2025-32896