CVE Catalog

CVE-2025-64152

CriticalCVSS 9.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.38%

30th percentile — higher than 30% of all known CVEs

Summary

A path traversal vulnerability has been discovered in Apache IoTDB, allowing access to files outside the restricted directory. The issue affects versions from 1.0.0 to 1.3.5 and from 2.0.0 to 2.0.6.

Risk Assessment

An attacker can read or write files outside the allowed directory, potentially leading to data leakage or system integrity compromise.

Recommendation

It is recommended to immediately upgrade Apache IoTDB to version 1.3.6 or 2.0.7, which fix this vulnerability.

Original NVD description (English source)

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 before 1.3.6, from 2.0.0 before 2.0.7. Users are recommended to upgrade to version 1.3.6 and 2.0.7, which fixes the issue.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS