2
0
2
2
Vulnerability Timeline
2 vulnerabilities discovered over time for Livy
Severity Distribution
| Description | Vendor / Product | Exploit Status | |||
|---|---|---|---|---|---|
| CVE-2025-66249 | 6.3 | This vulnerability allows an attacker to access files outside of the intended directory on an Apache Livy server, potentially exposing sensitive data. It can only be exploited if the server is configured with a non-default setting for local directory access, so users should upgrade to version 0.9.0 to protect against this risk. | apachelivy | Exploit Available | 25 days agoMar 13, 2026 |
| CVE-2025-60012 | 6.3 | This vulnerability allows an attacker to access files they shouldn't be able to reach by sending specially crafted requests to Apache Livy's REST or JDBC interface. To exploit this, the attacker must already have access to these interfaces and be able to include specific Spark configuration values in their requests. | apachelivy | Exploit Available | 25 days agoMar 13, 2026 |
About Apache Livy Security
This page provides comprehensive security vulnerability tracking for Apache Livy. Our database includes all CVEs affecting this product, updated in real-time from official sources.
Each vulnerability listing includes detailed CVSS severity analysis, exploit availability status, AI-generated explanations, and direct links to official security patches and vendor advisories.
Security Recommendations
- • Always keep Livy updated to the latest version
- • Subscribe to security advisories from Apache
- • Monitor this page for new vulnerabilities affecting your version
- • Prioritize patching critical and high severity issues immediately