CVE-2025-27821

High

Published: 26 January 2026

Published

26 January 2026

Modified

27 January 2026

KEV Added

—

Patch

—

CVSS Score 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

EPSS Score 0.0005 14.3th percentile

Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-27821 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Apache Hadoop. Its CVSS base score is 7.3 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 14.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190).

Threat & Defense Details

Likely Mitigating ControlsAI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

SI-16 Memory Protection

addresses: CWE-787

Out-of-bounds writes that corrupt control flow or inject shellcode are rendered non-executable by the same memory protections.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

Why these techniques?

Out-of-bounds write in network-accessible HDFS native client directly enables remote exploitation of a public-facing Hadoop service without authentication.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Out-of-bounds Write vulnerability in Apache Hadoop HDFS native client. This issue affects Apache Hadoop: from 3.2.0 before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue.

Deeper analysisAI

CVE-2025-27821 is an out-of-bounds write vulnerability (CWE-787) in the Apache Hadoop HDFS native client. It affects Apache Hadoop versions from 3.2.0 up to but not including 3.4.2. The issue was published on 2026-01-26 and carries a CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L), indicating high severity due to its network accessibility and lack of prerequisites for exploitation.

Unauthenticated attackers with network access to a vulnerable Hadoop instance can exploit this flaw remotely with low complexity and no user interaction required. Successful exploitation allows limited impacts: low confidentiality (partial data exposure), low integrity (minor unauthorized modifications), and low availability (limited denial of service), all within the unchanged scope of the affected component.

Apache advisories recommend upgrading to version 3.4.2, which resolves the vulnerability. Detailed discussions appear in the Apache mailing list thread at https://lists.apache.org/thread/kwjhyyx0wl2z9b0mw0styjk0hhdbyplh and the oss-security announcement at http://www.openwall.com/lists/oss-security/2026/01/23/7.

Details

CWE(s): CWE-787

Affected Products

apache

hadoop

3.2.0 — 3.4.2

CVEs Like This One

CVE-2025-24783Same vendor: Apache

CVE-2026-24343Same vendor: Apache

CVE-2025-61622Same vendor: Apache

CVE-2024-52577Same vendor: Apache

CVE-2026-41635Same vendor: Apache

CVE-2025-67895Same vendor: Apache

CVE-2024-55532Same vendor: Apache

CVE-2025-54466Same vendor: Apache

CVE-2026-40860Same vendor: Apache

CVE-2026-29146Same vendor: Apache

References

https://lists.apache.org/thread/kwjhyyx0wl2z9b0mw0styjk0hhdbyplh
Mailing List, Vendor Advisory · security@apache.org
http://www.openwall.com/lists/oss-security/2026/01/23/7
Mailing List, Third Party Advisory · af854a3a-2127-422b-91ae-364da2661108