CVE-2026-25747 - Vulnerability Analysis
N/a
Last Updated: February 23, 2026
Apache Camel LevelDB - Insecure Deserialization
Published: February 23, 2026
Updated: February 23, 2026
PoC Available
Overview
The Apache Camel LevelDB component (4.10.0 < versions < 4.10.9, 4.14.0 < versions < 4.14.5, 4.15.0 < versions < 4.18.0) contains an insecure deserialization vulnerability caused by unfiltered deserialization in DefaultLevelDBSerializer. Attackers with write access to LevelDB files can execute arbitrary code. Exploitation requires the attacker to write crafted serialized objects to the LevelDB files.
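The general contrast between unfiltered and allow-listed Java deserialization, as an added example that is not Apache Camel's code or its fix. The class names SavedState and Unexpected and the filter pattern are constructed for illustration.

```java
import java.io.*;

public class FilteredDeserializationDemo {
    /** Constructed stand-in for the one type the application expects to read back. */
    static class SavedState implements Serializable {
        final String id; final int count;
        SavedState(String id, int count) { this.id = id; this.count = count; }
    }

    /** Constructed stand-in for any other Serializable class on the classpath. */
    static class Unexpected implements Serializable {
        static boolean readObjectRan = false;
        private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException {
            in.defaultReadObject();
            readObjectRan = true; // class-supplied code runs during deserialization
        }
    }

    // Allow-list: the expected type and String; "!*" rejects every other class.
    static final ObjectInputFilter ALLOW_LIST = ObjectInputFilter.Config.createFilter(
        "FilteredDeserializationDemo$SavedState;java.lang.String;maxdepth=5;maxbytes=65536;!*");

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) { out.writeObject(o); }
        return buf.toByteArray();
    }

    static Object deserialize(byte[] stored, ObjectInputFilter filter) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(stored))) {
            if (filter != null) in.setObjectInputFilter(filter); // must be set before the first read
            return in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] good = serialize(new SavedState("a-1", 3));
        byte[] other = serialize(new Unexpected());

        deserialize(other, null); // unfiltered: the object is built before any type check
        System.out.println("unfiltered, readObject ran: " + Unexpected.readObjectRan);

        Unexpected.readObjectRan = false;
        System.out.println("filtered, expected type: " + deserialize(good, ALLOW_LIST).getClass().getSimpleName());
        try {
            deserialize(other, ALLOW_LIST);
        } catch (InvalidClassException e) {
            System.out.println("filtered, other type rejected; readObject ran: " + Unexpected.readObjectRan);
        }
    }
}
```

The filter rejects the class descriptor before the object is instantiated, which is why the second run never reaches `readObject`.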
Severity & Score
Severity: N/a
Impact
Attackers with write access to LevelDB files can execute arbitrary code within the application context, potentially compromising the system.
Mitigation
Upgrade to Apache Camel 4.18.0, or 4.10.9 for 4.10.x LTS, or 4.14.5 for 4.14.x LTS releases.
Details
- CVE ID: CVE-2026-25747
- Severity: N/a
- Type: insecure_deserialization
- Status: unconfirmed
- CWE: CWE-502
- CVSS Metrics: N/A