CVE-2025-33042
CVSS v3 Base Score: 5.6 (medium)
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
EPSS Score: 0.0% (exploitation probability in 30 days)
Top 87% most likely to be exploited
Attack Characteristics
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Confidentiality: Low
Integrity: Low
Availability: Low
Vulnerability Report
Generated by CyberWatcher
Description
Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Avro Java SDK when generating specific records from untrusted Avro schemas.
This issue affects Apache Avro Java SDK: all versions through 1.11.4 and version 1.12.0.
Users are recommended to upgrade to version 1.12.1 or 1.11.5, which fix the issue.
CWE
CWE-94
Affected Products
Red Hat build of Apache Camel 4 for Quarkus 3
Red Hat build of Apache Camel for Spring Boot 4
Red Hat build of Apicurio Registry 2
Red Hat build of Apicurio Registry 3
Red Hat build of Debezium 2
Red Hat build of Debezium 3
Red Hat build of Quarkus
Red Hat Data Grid 8
Red Hat Fuse 7
Red Hat JBoss Enterprise Application Platform 7