CVE-2025-8862
BaseFortify
Publication date: 2025-08-11
Last updated on: 2025-08-11
Assigner: Yugabyte, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| yugabytedb | yugabytedb | 4.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-201 | The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves YugabyteDB collecting diagnostics information from its servers, which may include sensitive gflag configurations. These sensitive configurations could potentially expose confidential information. The issue can be mitigated by upgrading to a version of YugabyteDB where this sensitive information is properly redacted.
How can this vulnerability impact me? :
The vulnerability could lead to exposure of sensitive configuration information from YugabyteDB servers, which might be exploited by attackers to gain insights into the system's internal settings or security posture. This could increase the risk of further attacks or unauthorized access.
What immediate steps should I take to mitigate this vulnerability?
Upgrade the YugabyteDB database to a version where the diagnostics information, including sensitive gflag configurations, is properly redacted.