CVE-2025-8863

Summary

YugabyteDB diagnostic information was transmitted over HTTP, which could expose sensitive data during transmission

Affected Software

VendorProductVersion RangeStatus
YugabyteDB IncYugabyteDB2024.1.0 < 2024.1.3affected
YugabyteDB IncYugabyteDB2.20.0.0 < 2.20.7.0affected
YugabyteDB IncYugabyteDB2.23.0.0 < 2.23.1.0affected

Weaknesses

  • CWE-319: CWE-319 Cleartext Transmission of Sensitive Information

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References