Apache Hadoop HDFS Native Client Vulnerability
Take action: If you are using the Hadoop HDFS native client, plan an update. The flaw isn't immediately exploited, so prioritize isolating the cluster and limiting who can access it using that client. Then plan an update to 3.4.2.
Learn More
The Apache Software Foundation reports a security flaw in the Hadoop HDFS native client that attackers can exploit to crash systems or corrupt stored information. This component helps manage data across large server clusters.
The flaw is tracked as CVE-2025-27821 (CVSS score 9.8): an out-of-bounds write vulnerability in the URI parser that allows untrusted input to corrupt memory or trigger a denial of service.
An out-of-bounds write happens when software receives malformed input and writes data past the end of the memory buffer assigned to it. If an attacker reaches a live system through this flaw, they could cause data loss or take the entire cluster offline.
Apache released a fix in version 3.4.2. All users should update their systems to this version or later. Admins should also monitor their HDFS logs for strange URI patterns and limit who can connect to the HDFS client.
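The two practical points above, a URI parser that checks lengths before it writes into fixed-size buffers, and a log check that flags odd URI patterns, are illustrated in the following added C example. It is not Hadoop's code and does not reproduce the actual CVE-2025-27821 defect; the buffer sizes, the `hdfs_uri` struct, the status codes and the sample log lines are all assumptions constructed for this illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical fixed-size destinations, as a C client might use. Every write
 * into them is preceded by a length check; dropping that check is exactly the
 * out-of-bounds write class the advisory describes. */
#define MAX_SCHEME 16
#define MAX_HOST   256
#define MAX_PATH   1024
#define MAX_LINE   4096

typedef struct {
    char scheme[MAX_SCHEME];
    char host[MAX_HOST];
    int  port;                 /* -1 when the URI carries no port */
    char path[MAX_PATH];
} hdfs_uri;

enum { URI_OK = 0, URI_TOO_LONG = 1, URI_MALFORMED = 2, URI_BAD_CHAR = 3 };

/* Copy n bytes of src into dst only if they fit together with the NUL. */
static int bounded_copy(char *dst, size_t cap, const char *src, size_t n) {
    if (n >= cap) return URI_TOO_LONG;   /* refuse instead of writing past dst */
    memcpy(dst, src, n);
    dst[n] = '\0';
    return URI_OK;
}

/* Parse scheme://host[:port][/path] into fixed buffers without ever
 * writing beyond them; untrusted input can only make this function fail. */
int parse_hdfs_uri(const char *in, hdfs_uri *out) {
    memset(out, 0, sizeof *out);
    out->port = -1;
    /* Control bytes never belong in a cluster URI; reject them up front. */
    for (const char *p = in; *p; p++)
        if ((unsigned char)*p < 0x20 || (unsigned char)*p == 0x7f) return URI_BAD_CHAR;

    const char *sep = strstr(in, "://");
    if (!sep) return URI_MALFORMED;
    int rc = bounded_copy(out->scheme, MAX_SCHEME, in, (size_t)(sep - in));
    if (rc) return rc;

    const char *auth = sep + 3;
    const char *path = strchr(auth, '/');
    size_t auth_len = path ? (size_t)(path - auth) : strlen(auth);
    const char *colon = memchr(auth, ':', auth_len);
    size_t host_len = colon ? (size_t)(colon - auth) : auth_len;
    if (host_len == 0) return URI_MALFORMED;
    rc = bounded_copy(out->host, MAX_HOST, auth, host_len);
    if (rc) return rc;

    if (colon) {                                   /* optional :port */
        const char *q = colon + 1, *end = auth + auth_len;
        if (q == end) return URI_MALFORMED;
        long port = 0;
        for (; q < end; q++) {
            if (!isdigit((unsigned char)*q)) return URI_MALFORMED;
            port = port * 10 + (*q - '0');
            if (port > 65535) return URI_MALFORMED;
        }
        out->port = (int)port;
    }
    return path ? bounded_copy(out->path, MAX_PATH, path, strlen(path))
                : bounded_copy(out->path, MAX_PATH, "/", 1);
}

/* Verdict only, for callers that do not need the parsed fields. */
int uri_status(const char *s) { hdfs_uri u; return parse_hdfs_uri(s, &u); }

/* Port of a well-formed URI, or -2 on any parse error. */
int uri_port(const char *s) {
    hdfs_uri u;
    return parse_hdfs_uri(s, &u) == URI_OK ? u.port : -2;
}

/* Status for a URI whose host is host_len bytes long: shows the length check
 * refusing the input instead of overflowing the MAX_HOST buffer. */
int status_for_host_length(size_t host_len) {
    char line[MAX_LINE];
    if (host_len + 16 >= sizeof line) return URI_TOO_LONG;
    memcpy(line, "hdfs://", 7);
    memset(line + 7, 'a', host_len);
    memcpy(line + 7 + host_len, ":8020/x", 8);   /* 8 bytes includes the NUL */
    return uri_status(line);
}

/* Log monitoring: pull the hdfs:// token out of one log line and return its
 * parse status. Lines without a URI count as OK; oversized tokens are refused. */
int status_of_logged_uri(const char *line) {
    const char *start = strstr(line, "hdfs://");
    if (!start) return URI_OK;
    size_t n = strcspn(start, " \t\r\n");
    char uri[MAX_LINE];
    int rc = bounded_copy(uri, sizeof uri, start, n);
    return rc ? rc : uri_status(uri);
}

/* Constructed sample log lines (not real HDFS client output). Returns how many
 * carry a URI the parser rejects; a monitor would alert on those. */
size_t suspicious_in_sample_log(void) {
    static char overlong[MAX_LINE];
    memcpy(overlong, "INFO open hdfs://", 17);
    memset(overlong + 17, 'a', 300);               /* 300-byte host name */
    memcpy(overlong + 317, ":8020/data", 11);
    const char *lines[] = {
        "INFO open hdfs://namenode.example:8020/user/alice/data.csv",   /* fine */
        "INFO open hdfs://namenode.example:8020/tmp/\x1b[2Jreport.csv",  /* escape byte */
        overlong,                                                        /* too long */
        "WARN open hdfs://:8020/x",                                      /* empty host */
    };
    size_t flagged = 0;
    for (size_t i = 0; i < sizeof lines / sizeof lines[0]; i++)
        if (status_of_logged_uri(lines[i]) != URI_OK) flagged++;
    return flagged;
}
```

The design choice worth noting is that every buffer write goes through `bounded_copy`, so the only thing a hostile URI can achieve is a non-zero status code, which is also the signal a log monitor can alert on: run `status_of_logged_uri` over each line and count the rejects, as `suspicious_in_sample_log` does over the constructed input.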