Apache Hadoop: Flaw in HDFS-Native-Client allows malicious code to pass

The Apache Hadoop framework is vulnerable. Attacks can occur in the context of the HDFS file system. A security patch is available.


Attackers can target systems running Apache Hadoop. The entry point is a security vulnerability that has now been closed. In the worst case, malicious code can compromise PCs.

According to a security advisory, the HDFS-Native-Client is specifically affected. HDFS (Hadoop Distributed File System) is a file system designed for large amounts of data. By successfully exploiting the vulnerability (CVE-2025-27821, rated "high"), attackers can trigger out-of-bounds memory errors and thereby push malicious code onto computers.


The developers state that Apache Hadoop is affected from version 3.2.0 onward. Release 3.4.2 is protected against the described attack. So far, there are no reports of attackers exploiting the vulnerability. Admins should install the security patch promptly.

(des)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.