PT-2025-21136 · Apache · Iotdb-Jdbc
Kyler Katz · Published 2025-05-14 · Updated 2025-07-11
CVE-2025-26795
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions:
iotdb-jdbc versions 0.10.0 through 1.3.3
iotdb-jdbc versions 2.0.1-beta through 2.0.2
Description:
The Apache IoTDB JDBC driver exposes sensitive information to an unauthorized actor and inserts sensitive information into log files. Users are advised to upgrade to resolve the issue.
Recommendations:
For iotdb-jdbc versions 0.10.0 through 1.3.3, upgrade to version 1.3.4.
For iotdb-jdbc versions 2.0.1-beta through 2.0.2, upgrade to version 2.0.2.
Fix
Information Disclosure
Insertion into Log File
Related Identifiers
Affected Products
Iotdb-Jdbc