CVE-2025-8862

Summary

YugabyteDB has been collecting diagnostics information from YugabyteDB servers, which may include sensitive gflag configurations. To mitigate this, we recommend upgrading the database to a version where this information is properly redacted.

Affected Software

VendorProductVersion RangeStatus
YugabyteDB IncYugabyteDB2024.1.0 < 2024.1.3affected
YugabyteDB IncYugabyteDB2.20.0.0 < 2.20.7.0affected
YugabyteDB IncYugabyteDB2.23.0.0 < 2.23.1.0affected

Weaknesses

  • CWE-201: CWE-201 Insertion of Sensitive Information Into Sent Data

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References