CVE-2025-53606: Apache Seata (incubating): Deserialization of untrusted Data in Apache Seata Server

[Min Ji <jimin () apache org>]

Severity: low 

Affected versions:

- Apache Seata (incubating) 2.4.0

Description:

Deserialization of Untrusted Data vulnerability in Apache Seata (incubating).

This issue affects Apache Seata (incubating): 2.4.0.

Users are recommended to upgrade to version 2.5.0, which fixes the issue.

Credit:

A.R. (finder)

References:

https://seata.incubator.apache.org
https://www.cve.org/CVERecord?id=CVE-2025-53606