CVE-2025-26795

Exposure of Sensitive Information to an Unauthorized Actor, Insertion of Sensitive Information into Log File vulnerability in Apache IoTDB JDBC driver.

This issue affects iotdb-jdbc: from 0.10.0 through 1.3.3, from 2.0.1-beta before 2.0.2.

Users are recommended to upgrade to version 2.0.2 and 1.3.4, which fix the issue.

Published: May 14, 2025
Updated: Aug 11, 2025
CVE: CVE-2025-26795
GHSA: GHSA-gp98-hfvm-2r4x
Severity: Medium
Exploit:

CVSS v3:

Severity: Unknown
Score:
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWEs:

CWE-200
CWE-532

Affected Software
References

Software	From	Fixed in
org.apache.iotdb / iotdb-jdbc	0.10.0	1.3.4
org.apache.iotdb / iotdb-jdbc	2.0.1-beta	2.0.2
apache / iotdb	0.10.0	1.3.4
apache / iotdb	2.0.1	2.0.2

http://www.openwall.com/lists/oss-security/2025/05/14/3
https://github.com/apache/iotdb/commit/34fcaff6b72470d5ad369307dde7fae8897aea7e
https://github.com/apache/iotdb/commit/8e61e3072ab9ee9a1bbf6c3230014111965462bf
https://github.com/apache/iotdb/pull/14857
https://github.com/apache/iotdb/pull/14863
https://lists.apache.org/thread/bj0ytxr5wg0c4jw8xm7rhfd8ogho0r91

Vulnerability Database

CVE-2025-26795