CVE-2025-66524 | Apache NiFi up to 2.6.0 GetAsanaObject Processor deserialization (EUVD-2025-204524 / WID-SEC-2025-2892)
A vulnerability described as critical has been identified in Apache NiFi up to 2.6.0. This affects an unknown function of the component GetAsanaObject Processor. Executing a manipulation can lead to deserialization.
This vulnerability is registered as CVE-2025-66524. It is possible to launch the attack remotely. No exploit is available.
Upgrading the affected component is recommended.