Cyber Resilience

CVE-2025-27821

High

Published: 26 January 2026
Modified: 27 January 2026
KEV Added
Patch
CVSS Score v3.1: 7.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
EPSS Score: 0.0004 (14.1th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-27821 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Apache Hadoop. Its CVSS base score is 7.3 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 14.1th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-2 (Baseline Configuration) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-27821 is an out-of-bounds write vulnerability (CWE-787) in the Apache Hadoop HDFS native client. It affects Apache Hadoop versions from 3.2.0 up to but not including 3.4.2. The issue was published on 2026-01-26 and carries a CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L), indicating high severity due to its network accessibility and lack of prerequisites for exploitation.

Unauthenticated attackers with network access to a vulnerable Hadoop instance can exploit this flaw remotely with low complexity and no user interaction required. Successful exploitation allows limited impacts: low confidentiality (partial data exposure), low integrity (minor unauthorized modifications), and low availability (limited denial of service), all within the unchanged scope of the affected component.

Apache advisories recommend upgrading to version 3.4.2, which resolves the vulnerability. Detailed discussions appear in the Apache mailing list thread at https://lists.apache.org/thread/kwjhyyx0wl2z9b0mw0styjk0hhdbyplh and the oss-security announcement at http://www.openwall.com/lists/oss-security/2026/01/23/7.

Vulnerability details

Out-of-bounds Write vulnerability in Apache Hadoop HDFS native client. This issue affects Apache Hadoop: from 3.2.0 before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue.

Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1190 · Exploit Public-Facing Application · Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Out-of-bounds write in network-accessible HDFS native client directly enables remote exploitation of a public-facing Hadoop service without authentication.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-27446 · Same vendor: Apache
CVE-2024-32838 · Same vendor: Apache
CVE-2026-34486 · Same vendor: Apache
CVE-2026-31910 · Same vendor: Apache
CVE-2026-41084 · Same vendor: Apache
CVE-2026-40473 · Same vendor: Apache
CVE-2025-66236 · Same vendor: Apache
CVE-2026-42498 · Same vendor: Apache
CVE-2025-54466 · Same vendor: Apache
CVE-2026-24343 · Same vendor: Apache

Affected Assets

apache · hadoop · 3.2.0 — 3.4.2

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent: Directly requires timely remediation of known flaws such as this out-of-bounds write by applying the vendor-supplied upgrade to Hadoop 3.4.2.

prevent: Establishes and maintains approved baseline configurations that exclude vulnerable Hadoop versions (3.2.0–3.4.1) from operational use.

detect: Requires ongoing vulnerability scanning to discover instances of the affected HDFS native client before exploitation occurs.