CVE-2025-8863
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-08-11
Last updated on: 2025-08-11
Assigner: Yugabyte, Inc.
Description
Description
YugabyteDB diagnostic information was transmitted over HTTP, which could expose sensitive data during transmission
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| yugabyte | yugabytedb | 4.0 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-319 | The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves YugabyteDB transmitting diagnostic information over HTTP instead of a secure protocol like HTTPS. Because HTTP is not encrypted, sensitive data sent during these transmissions could be intercepted by attackers.
How can this vulnerability impact me? :
The vulnerability could lead to exposure of sensitive diagnostic information during transmission, potentially allowing attackers to intercept and misuse this data. This could compromise system security and privacy.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70