CVE-2025-14758

Summary

Incorrect configuration of replication security in the MariaDB component of the infra-operator in YAOOK Operator allows an on-path attacker to read database contents, potentially including credentials

Affected Software

VendorProductVersion RangeStatus
ALASCAYAOOK0.20240809.0 < 0.20251211.0affected

Weaknesses

  • CWE-1188: CWE-1188: Initialization of a Resource with an Insecure Default

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References