Skip to main content
CVE-2025-55017 CRITICAL PATCH Act Now

Path traversal in Apache IoTDB (versions 1.0.0–1.3.5 and 2.0.0–2.0.5) lets remote unauthenticated attackers reference files outside the intended directory using crafted '../' sequences in a pathname, yielding high-impact disclosure and modification of files (C:H/I:H). With a CVSS 3.1 score of 9.1 and PR:N/UI:N, the flaw is exploitable over the network against affected instances with no credentials or user interaction. No public exploit code has been identified at time of analysis, and the issue is not listed in CISA KEV.

Path Traversal Apache Apache Iotdb
NVD
CVSS 3.1
9.1
EPSS
0.4%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy