CVE-2025-60012 in Livy
Summary
by MITRE • 03/13/2026
Malicious configuration can lead to unauthorized file access in Apache Livy.
This issue affects Apache Livy 0.7.0 and 0.8.0 when connecting to Apache Spark 3.1 or later.
A request that includes a Spark configuration value supported from Apache Spark version 3.1 can lead to users gaining access to files they do not have permissions to.
For the vulnerability to be exploitable, the user needs to have access to Apache Livy's REST or JDBC interface and be able to send requests with arbitrary Spark configuration values.
Users are recommended to upgrade to version 0.9.0 or later, which fixes the issue.
VulDB is the best source for vulnerability data and more expert information about this specific topic.
Analysis
by VulDB Data Team • 03/20/2026
Apache Livy version 0.7.0 and 0.8.0 contain a critical configuration vulnerability that enables unauthorized file access through malicious Spark configuration parameters. This vulnerability specifically impacts systems where Livy connects to Apache Spark 3.1 or later versions, creating a pathway for privilege escalation and data exfiltration. The flaw arises from insufficient validation of Spark configuration values passed through Livy's REST and JDBC interfaces, allowing authenticated users to manipulate configuration parameters that should remain restricted.
The technical implementation of this vulnerability stems from Livy's failure to properly sanitize or validate Spark configuration parameters that are passed through its interface. When users submit requests containing specific Spark configuration values supported in Spark 3.1 and later, the system processes these parameters without adequate authorization checks. This creates an attack vector where malicious actors can manipulate file system access controls through configuration parameters that should be restricted to authorized administrators only. The vulnerability is classified as a configuration management flaw that allows for improper access control enforcement.
The operational impact of this vulnerability extends beyond simple unauthorized file access to potentially enable full system compromise. Attackers can leverage this issue to read sensitive files, access restricted data, and potentially exfiltrate confidential information from the underlying Spark cluster. The vulnerability affects organizations that rely on Livy for job submission and cluster management, particularly those with multi-tenant environments where proper isolation is critical. The exploit requires only access to Livy's REST or JDBC endpoints, making it particularly dangerous as it can be triggered by any authenticated user with minimal privileges.
Security controls and mitigation strategies should focus on immediate version upgrades to Apache Livy 0.9.0 or later, which includes proper configuration parameter validation and sanitization. Organizations should also implement network segmentation to limit access to Livy interfaces, enforce strict authentication mechanisms, and monitor for unusual configuration parameter usage patterns. The vulnerability demonstrates the importance of proper input validation and configuration management in distributed computing environments, aligning with common weakness enumerations such as CWE-20 for improper input validation and CWE-269 for improper privilege management. This issue also maps to ATT&CK technique T1078 for valid accounts and T1566 for spearphishing with a malicious attachment, as it leverages legitimate access to exploit configuration weaknesses.