Denodo

A significant security vulnerability has been discovered in Denodo Scheduler, a data management software component, that allows attackers to execute code remotely on affected systems. The flaw, identified as CVE-2025-26147, is a path traversal vulnerability in the Kerberos authentication configuration feature, potentially compromising the security of enterprise data management infrastructure. Exploitation can lead to full remote code execution: attackers can upload malicious files and execute arbitrary system commands, effectively gaining complete control over the compromised server.

Source: https://cybersecuritynews.com/denodo-scheduler-vulnerability/

TPRM report: https://scoringcyber.rankiteo.com/company/denodo-technologies

"id": "den742060225",
"linkid": "denodo-technologies",
"type": "Vulnerability",
"date": "6/2025",
"severity": "25",
"impact": "1",
"explanation": "Attack without any consequences"
{'affected_entities': [{'industry': 'Data Management',
                        'name': 'Denodo',
                        'type': 'Software Vendor'}],
 'attack_vector': 'Path Traversal',
 'date_detected': '2024-04-09',
 'date_resolved': '2024-04-23',
 'description': 'A significant security vulnerability has been discovered in '
                'Denodo Scheduler, a data management software component, that '
                'allows attackers to execute remote code on affected systems. '
                'The flaw, identified as CVE-2025-26147, exploits a path '
                'traversal vulnerability in the Kerberos authentication '
                'configuration feature, potentially compromising the security '
                'of enterprise data management infrastructure.',
 'impact': {'systems_affected': 'Denodo Scheduler'},
 'initial_access_broker': {'entry_point': 'Kerberos authentication '
                                          'configuration feature'},
 'investigation_status': 'Resolved',
 'lessons_learned': 'The importance of secure coding practices, particularly '
                    'around file upload functionality and input validation.',
 'motivation': 'Unauthorized Access, Remote Code Execution',
 'post_incident_analysis': {'corrective_actions': 'Security patch applied',
                            'root_causes': 'Failure to properly validate the '
                                           'filename parameter in multipart '
                                           'form data POST requests.'},
 'recommendations': 'Prioritize patch deployment and conduct security '
                    'assessments of data management infrastructure.',
 'response': {'remediation_measures': 'Security patch released'},
 'title': 'Denodo Scheduler Path Traversal Vulnerability Leading to Remote '
          'Code Execution',
 'type': 'Vulnerability Exploitation',
 'vulnerability_exploited': 'CVE-2025-26147'}