CVE-2025-62188Sensitive Information Exposure in Software Foundation Apache Dolphinscheduler

CWE-200Sensitive Information Exposure4 documents4 sources
Severity
7.5HIGHNVD
EPSS
0.0%
top 97.84%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Apache Software Foundation Apache Dolphinscheduler
Timeline
PublishedApr 9

Description

An Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Apache DolphinScheduler. This vulnerability may allow unauthorized actors to access sensitive information, including database credentials. This issue affects Apache DolphinScheduler versions 3.1.*. Users are recommended to upgrade to: * version ≥ 3.2.0 if using 3.1.x As a temporary workaround, users who cannot upgrade immediately may restrict the exposed management endpoints by setting the following en

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

🔴Vulnerability Details

3
GHSA
GHSA-3cjc-vhfm-ffp2: An Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Apache DolphinScheduler2026-04-09
GHSA
Apache DolphinScheduler vulnerable to sensitive information disclosure2026-04-09
CVEList
Apache DolphinScheduler: Users can access sensitive information through the actuator endpoint.2026-04-09
CVE-2025-62188 — Sensitive Information Exposure | cvebase