CVE Identifier: CVE-2025-29847
Vulnerability: Apache Linkis: Arbitrary File Read via Double URL Encoding Bypass
Severity: moderate
Affected versions: Apache Linkis 1.3.0 through 1.7.0

Description: A vulnerability is present in Apache Linkis that allows unauthorized access to system files via JDBC parameters due to a double URL encoding bypass in the JDBC engine and data source functionality.

Solution: Continuously check the connection information for the "%" character. If present, perform URL decoding. Users are advised to upgrade to version 1.8.0, which resolves the issue.

Credit: Discovered by Le1a and A1kaid from Threatbook. The analyst is kinghao. Le1a and kinghao also contributed to the remediation development and review.
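
The check described under Solution, shown beside a single-pass check that a double-encoded value slips past. This is an added example, not code from Apache Linkis or from the advisory. The class name, the blocklist entry "dangerousoption", the round limit and the sample connection string are all assumptions made for illustration.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.List;
import java.util.Locale;

public class JdbcParamCheck {
    // Hypothetical blocklist entry; the advisory does not name the parameters involved.
    static final List<String> BLOCKED = List.of("dangerousoption");
    static final int MAX_ROUNDS = 8; // bound the loop; anything nested deeper is rejected

    // Flawed pattern: one decoding pass, so "%2564" only becomes "%64".
    static boolean blockedAfterSingleDecode(String info) {
        return containsBlocked(URLDecoder.decode(info, StandardCharsets.UTF_8));
    }

    // Advisory's approach: keep decoding while a '%' is still present.
    // URLDecoder throws IllegalArgumentException on malformed escapes, which
    // callers should treat as a rejection. This overload needs Java 10 or later.
    static String decodeUntilStable(String info) {
        String cur = info;
        for (int i = 0; i < MAX_ROUNDS && cur.indexOf('%') >= 0; i++) {
            cur = URLDecoder.decode(cur, StandardCharsets.UTF_8);
        }
        if (cur.indexOf('%') >= 0) {
            throw new IllegalArgumentException(
                "connection info still encoded after " + MAX_ROUNDS + " rounds");
        }
        return cur;
    }

    static boolean blockedAfterFullDecode(String info) {
        return containsBlocked(decodeUntilStable(info));
    }

    // Case-insensitive substring match against the blocklist.
    static boolean containsBlocked(String decoded) {
        String lower = decoded.toLowerCase(Locale.ROOT);
        return BLOCKED.stream().anyMatch(lower::contains);
    }

    public static void main(String[] args) {
        // Constructed input: 'd' written as "%64", then its '%' written as "%25".
        String info = "jdbc:example://db.example.internal/test?%2564angerousOption=true";
        System.out.println("single decode flags it: " + blockedAfterSingleDecode(info));
        System.out.println("full decode flags it:   " + blockedAfterFullDecode(info));
    }
}
```

The fully decoded string is used only for validation here. A value that legitimately contains a literal "%" after decoding is rejected by this check, so such values need explicit handling.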