Dremio seems affected by this CRITICAL CVE-2025-7783
Do you have any information/statement about this CVE? Do you have any plan to upgrade the affected libraries?
We take security issues seriously here. Security | Dremio has some more information about our approach. In general, we resolve exploitable security issues within our internal security SLAs based on severity while also aiming to update other packages with vulnerabilities (that aren’t exploitable) up to date. We do our best to document package changes in the release notes as well. You can see some of the updates made in 25.0.0 and subsequent releases on the website here.