Apache Dolphinscheduler

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest

CVE-2025-62188 HIGH PATCH GHSA This Week

Unauthenticated information disclosure in Apache DolphinScheduler 3.1.x exposes database credentials and sensitive configuration via unsecured management endpoints. Network-accessible attackers can retrieve authentication secrets without authentication (CVSS vector PR:N), directly compromising backend infrastructure. Affects all 3.1.* releases. No public exploit identified at time of analysis. Vendor remediation available in version 3.2.0.

Apache Information Disclosure Apache Dolphinscheduler

NVD

CVSS 3.1

7.5

EPSS

0.0%

CVE-2025-62188

EPSS 0% CVSS 7.5

HIGH PATCH This Week

Unauthenticated information disclosure in Apache DolphinScheduler 3.1.x exposes database credentials and sensitive configuration via unsecured management endpoints. Network-accessible attackers can retrieve authentication secrets without authentication (CVSS vector PR:N), directly compromising backend infrastructure. Affects all 3.1.* releases. No public exploit identified at time of analysis. Vendor remediation available in version 3.2.0.

Apache Information Disclosure Apache Dolphinscheduler

NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy