PT-2026-31599 · Apache · Apache Dolphinscheduler

W Aiyou · Published 2026-04-09 · Updated 2026-04-10 · CVE-2025-62188

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Apache DolphinScheduler versions 3.1.*

Description

An issue exists in Apache DolphinScheduler that may allow unauthorized actors to access sensitive information, including database credentials. As a temporary workaround, users may restrict exposed management endpoints by setting the environment variable MANAGEMENT_ENDPOINTS_WEB_EXPOSURE_INCLUDE to 'health,metrics,prometheus', or by adding a configuration to the application.yaml file to include only 'health,metrics,prometheus' in the management endpoints web exposure.

Recommendations

Upgrade to version 3.2.0 or later if using versions 3.1.x. As a temporary workaround, set the MANAGEMENT_ENDPOINTS_WEB_EXPOSURE_INCLUDE environment variable to 'health,metrics,prometheus'. Alternatively, configure the application.yaml file to include only 'health,metrics,prometheus' in the management endpoints web exposure.
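
To confirm the workaround is actually in effect, the following added example (not code from the advisory or from the DolphinScheduler project) audits a deployment's environment and application.yaml text and reports any management endpoint exposed beyond 'health,metrics,prometheus'. The function names, the minimal YAML reader (nested mappings, scalars and simple lists only) and the sample inputs are assumptions made for illustration; it also assumes Spring Boot's standard precedence, where the environment variable overrides application.yaml.

```python
ALLOWED = {"health", "metrics", "prometheus"}          # allowlist from the workaround
PROP = "management.endpoints.web.exposure.include"
ENV = "MANAGEMENT_ENDPOINTS_WEB_EXPOSURE_INCLUDE"

def flatten_yaml(text):
    """Flatten simple nested YAML mappings to dotted keys (scalars and '- item' lists only)."""
    props, stack = {}, []              # stack: (indent, key) of the currently open mappings
    for raw in text.splitlines():
        line = raw.split(" #")[0].rstrip()     # drop trailing comments
        body = line.strip()
        if not body or body.startswith("#"):
            continue
        if body.startswith("- "):              # list item under the innermost open key
            key = ".".join(k for _, k in stack)
            props.setdefault(key, []).append(body[2:].strip().strip("'\""))
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = body.partition(":")
        while stack and stack[-1][0] >= indent:
            stack.pop()
        stack.append((indent, key.strip()))
        if value.strip():
            props[".".join(k for _, k in stack)] = value.strip().strip("'\"")
    return props

def exposed_endpoints(env, yaml_text):
    """Effective include list; assumes Spring Boot precedence (environment over application.yaml)."""
    value = env.get(ENV)
    if value is None:
        value = flatten_yaml(yaml_text).get(PROP)
    if value is None:
        return None                            # not set in either place
    items = value if isinstance(value, list) else value.split(",")
    return [i.strip() for i in items if i.strip()]

def audit(env, yaml_text):
    """Return endpoint ids exposed beyond the allowlist; ['<unset>'] if the workaround is absent."""
    exposed = exposed_endpoints(env, yaml_text)
    if exposed is None:
        return ["<unset>"]
    return sorted(set(exposed) - ALLOWED)

# Constructed sample inputs (not taken from any real deployment).
WEAK_YAML = "management:\n  endpoints:\n    web:\n      exposure:\n        include: '*'\n"
FIXED_YAML = WEAK_YAML.replace("'*'", "health,metrics,prometheus")

if __name__ == "__main__":
    print(audit({}, WEAK_YAML), audit({}, FIXED_YAML))
    print(audit({ENV: "health,metrics,prometheus"}, WEAK_YAML))
```

An empty result means only the three allowlisted endpoints are exposed; in a real check, pass os.environ and the contents of the deployed application.yaml.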

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2025-62188
GHSA-3CJC-VHFM-FFP2

Affected Products

Apache Dolphinscheduler