CVE-2025-62233

Summary

Apache DolphinScheduler RPC module has a Deserialization of Untrusted Data vulnerability

Severity

medium

EPSS

0.5% (p39)

Also known as

GHSA-f786-9c63-8xr8#org.apache.dolphinscheduler:dolphinscheduler, GHSA-f786-9c63-8xr8#org.apache.dolphinscheduler:dolphinscheduler-rpc

Published

2026-04-24

References

• https://nvd.nist.gov/vuln/detail/CVE-2025-62233
• https://github.com/apache/dolphinscheduler
• https://lists.apache.org/thread/79s80h51r4z5d4l2xs5xy364rmmo1bw0

Related advisories

• CVE-2023-49109 — critical · Maven/org.apache.dolphinscheduler:dolphinscheduler
• CVE-2026-23902 — high · Maven/org.apache.dolphinscheduler:dolphinscheduler
• CVE-2025-62188 — high · Maven/org.apache.dolphinscheduler:dolphinscheduler
• CVE-2024-43115 — high · Maven/org.apache.dolphinscheduler:dolphinscheduler
• CVE-2024-30188 — high · Maven/org.apache.dolphinscheduler:dolphinscheduler
• CVE-2024-29831 — high · Maven/org.apache.dolphinscheduler:dolphinscheduler
• CVE-2023-49250 — high · Maven/org.apache.dolphinscheduler:dolphinscheduler
• CVE-2023-51770 — high · Maven/org.apache.dolphinscheduler:dolphinscheduler

Is your project exposed to this? Stateward checks every dependency on every pull request and flags it only if your code actually reaches it.

Summarize with AI

ChatGPTClaudePerplexity