Apache Iotdb

2 CVEs product

Monthly

CVE-2025-64152 CRITICAL PATCH Act Now

Path traversal in Apache IoTDB (from 1.0.0 before 1.3.6 and from 2.0.0 before 2.0.7) allows remote attackers to read and write files outside the intended restricted directory by supplying crafted pathnames, leading to high confidentiality and integrity impact. The CVSS 3.1 base score is 9.1 (AV:N/AC:L/PR:N/UI:N), indicating network-reachable, unauthenticated exploitation against affected versions. No public exploit has been identified at time of analysis, and the issue is not listed in CISA KEV; fixed versions 1.3.6 and 2.0.7 are available from the Apache vendor.

Apache Path Traversal Apache Iotdb
NVD | CVSS 3.1: 9.1 | EPSS: 0.4%

CVE-2025-55017 CRITICAL PATCH Act Now

Path traversal in Apache IoTDB (versions 1.0.0–1.3.5 and 2.0.0–2.0.5) lets remote unauthenticated attackers reference files outside the intended directory using crafted '../' sequences in a pathname, yielding high-impact disclosure and modification of files (C:H/I:H). With a CVSS 3.1 score of 9.1 and PR:N/UI:N, the flaw is exploitable over the network against affected instances with no credentials or user interaction. No public exploit code has been identified at time of analysis, and the issue is not listed in CISA KEV.

Apache Path Traversal Apache Iotdb
NVD | CVSS 3.1: 9.1 | EPSS: 0.4%