CVE-2025-66524 | Apache NiFi up to 2.6.0 GetAsanaObject Processor deserialization

A vulnerability described as critical has been identified in Apache NiFi up to 2.6.0. This affects an unknown function of the component GetAsanaObject Processor. Executing manipulation can lead to deserialization.

This vulnerability is registered as CVE-2025-66524. It is possible to launch the attack remotely. No exploit is available.

Upgrading the affected component is recommended.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.VulDB Recent EntriesRead More