Apache Uniffle is a distributed data caching and storage coordination system developed under the Apache Software Foundation. The vulnerability CVE-2025-68637 arises from the Uniffle HTTP client’s default configuration that disables hostname verification and trusts all SSL certificates during REST API communications between the Uniffle CLI/client and the Coordinator service. This improper validation of certificates corresponds to CWE-297, which can lead to Man-in-the-Middle (MITM) attacks. An attacker positioned on the network path could intercept, modify, or redirect API requests and responses, potentially exposing sensitive data or injecting malicious commands. The issue affects all versions before 0.10.0, and no CVSS score has been assigned yet. The vulnerability does not require user interaction or authentication, making it easier to exploit if an attacker can access the network. The Apache Software Foundation has addressed this by releasing version 0.10.0, which enforces proper SSL certificate validation and hostname verification, mitigating the risk. No known exploits have been reported in the wild, but the risk remains significant due to the nature of the flaw and the critical role of Uniffle in data infrastructure.

For European organizations, this vulnerability poses a significant risk to the confidentiality and integrity of data transmitted between Uniffle clients and coordinators. Organizations using Apache Uniffle in big data analytics, cloud storage, or distributed computing environments could have sensitive operational data intercepted or altered by attackers conducting MITM attacks. This could lead to data breaches, unauthorized data manipulation, or disruption of data processing workflows. The availability impact is less direct but could occur if attackers disrupt communications or inject malformed data. Given the increasing reliance on distributed data platforms in Europe’s financial, telecommunications, and research sectors, exploitation could have serious operational and reputational consequences. The lack of authentication and user interaction requirements further increases the threat level, especially in environments where network segmentation or encryption is insufficient.

The primary mitigation is to upgrade Apache Uniffle to version 0.10.0 or later, which enforces proper SSL certificate validation and hostname verification. Organizations should audit their Uniffle deployments to confirm the version in use and verify that SSL/TLS configurations do not disable hostname verification or trust all certificates. Network-level protections such as enforcing TLS 1.2 or higher, using mutual TLS authentication, and deploying network segmentation to limit exposure of Uniffle communications can reduce risk. Monitoring network traffic for unusual patterns or unexpected certificate changes can help detect attempted MITM attacks. Additionally, organizations should review their internal PKI and certificate management practices to ensure certificates are valid, trusted, and properly issued. Incorporating these steps into regular security assessments and patch management processes will help prevent exploitation.