CVE-2025-26795: Sensitive Information Exposure in Apache IoTDB JDBC Driver (Apache Software Foundation)

Severity: 7.5 HIGH (NVD)
EPSS: 0.5% (top 34.38%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published May 14

Description

Exposure of Sensitive Information to an Unauthorized Actor, Insertion of Sensitive Information into Log File vulnerability in Apache IoTDB JDBC driver. This issue affects iotdb-jdbc: from 0.10.0 through 1.3.3, from 2.0.1-beta before 2.0.2. Users are recommended to upgrade to version 2.0.2 and 1.3.4, which fix the issue.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 | Impact: 3.6

Affected Packages (2 packages)

CVEListV5 | apache_software_foundation/apache_iotdb_jdbc_driver | 2.0.1-beta | 2.0.2 | +1
NVD | apache/iotdb | 0.10.0 | 1.3.4 | +1

Vulnerability Details (3)

CVEList: Apache IoTDB JDBC driver: Exposure of Sensitive Information in IoTDB JDBC driver (2025-05-14)
GHSA: Apache IoTDB JDBC Driver Discloses Sensitive Information via Log Files (2025-05-14)
OSV: Apache IoTDB JDBC Driver Discloses Sensitive Information via Log Files (2025-05-14)