Apache Seata
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Apache Seata.
By the Year
In 2025 there have been 4 vulnerabilities in Apache Seata with an average score of 9.8 out of ten. Last year, in 2024 Seata had 1 security vulnerability published. That is, 3 more vulnerabilities have already been reported in 2025 as compared to last year. Interestingly, the average vulnerability score and the number of vulnerabilities for 2025 and last year was the same.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2025 | 4 | 9.80 |
| 2024 | 1 | 9.80 |
It may take a day or so for new Seata vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Apache Seata Security Vulnerabilities
Apache Seata 2.4.0 Deserialization Issue (Prior to 2.5.0)
CVE-2025-53606
9.8 - Critical
- August 08, 2025
Deserialization of Untrusted Data vulnerability in Apache Seata (incubating). This issue affects Apache Seata (incubating): 2.4.0. Users are recommended to upgrade to version 2.5.0, which fixes the issue.
Marshaling, Unmarshaling
Apache Seata Deserialization Vulnerability before 2.3.0 (CVE-2025-32897)
CVE-2025-32897
- June 28, 2025
Deserialization of Untrusted Data vulnerability in Apache Seata (incubating). This security vulnerability is the same as CVE-2024-47552, but the version range described in the CVE-2024-47552 definition is too narrow. This issue affects Apache Seata (incubating): from 2.0.0 before 2.3.0. Users are recommended to upgrade to version 2.3.0, which fixes the issue.
Marshaling, Unmarshaling
Apache Seata 2.2.0 or earlier: Data Amplification via Highly Compressed Data
CVE-2024-54016
- March 20, 2025
Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in Apache Seata (incubating). This issue affects Apache Seata (incubating): through <=2.2.0. Users are recommended to upgrade to version 2.3.0, which fixes the issue.
Data Amplification
Apache Seata 2.0.0-<2.2.0 Deserialization Vulnerability
CVE-2024-47552
- March 20, 2025
Deserialization of Untrusted Data vulnerability in Apache Seata (incubating). This issue affects Apache Seata (incubating): from 2.0.0 before 2.2.0. Users are recommended to upgrade to version 2.2.0, which fixes the issue.
Marshaling, Unmarshaling
Apache Seata <=2.0.0 SeataServer Deserialization of Untrusted Data
CVE-2024-22399
9.8 - Critical
- September 16, 2024
Deserialization of Untrusted Data vulnerability in Apache Seata. When developers disable authentication on the Seata-Server and do not use the Seata client SDK dependencies, they may construct uncontrolled serialized malicious requests by directly sending bytecode based on the Seata private protocol. This issue affects Apache Seata: 2.0.0, from 1.0.0 through 1.8.0. Users are recommended to upgrade to version 2.1.0/1.8.1, which fixes the issue.
Marshaling, Unmarshaling
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Apache Seata or by Apache? Click the Watch button to subscribe.
