CVE-2025-27888: 
Java vulnerability analysis and mitigation

A security vulnerability identified as CVE-2025-27888 was discovered in Apache Druid, affecting all versions prior to 31.0.2 and 32.0.1. The vulnerability combines Server-Side Request Forgery (SSRF), Cross-Site Scripting (XSS), and URL Redirection to Untrusted Site (Open Redirect) issues. The flaw was disclosed on March 19, 2025, and received a CVSS v4.0 score of 5.8 (Medium severity) (NVD, Security Online).

The vulnerability exists in the Druid management proxy functionality, which is enabled by default in the out-of-box configuration. When using the management proxy, a specially crafted URL can be manipulated to redirect requests to arbitrary servers. The vulnerability requires authentication for exploitation, but due to its default enabled state in the configuration, it poses a significant risk. The issue has been assigned a CVSS v4.0 Base Score of 5.8 (Medium) with the vector string CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:L/VA:N/SC:L/SI:L/SA:N (NVD, Openwall).

The vulnerability can lead to multiple security implications including redirection to malicious websites, potential token theft, and cross-site request forgery (XSRF) attacks. Organizations with multi-user environments or external access to the Druid UI are particularly at risk, as authenticated attackers could exploit this flaw to redirect users to phishing pages or inject malicious scripts (Security Online).

Users are strongly recommended to upgrade to either Apache Druid version 31.0.2 or 32.0.1, which contain fixes for this vulnerability. As a temporary workaround, the management proxy can be disabled, though this will impact some web console features while maintaining core functionality. Organizations should carefully evaluate their deployment configurations and implement the necessary updates to ensure system security (Openwall, Security Online).