oss-sec mailing list archives

CVE-2025-48459: Apache IoTDB: Deserialization of untrusted Data


From: Haonan Hou <haonan () apache org>
Date: Wed, 24 Sep 2025 06:31:07 +0000

Severity: moderate 

Affected versions:

- Apache IoTDB 1.0.0 before 2.0.5

Description:

Deserialization of Untrusted Data vulnerability in Apache IoTDB.

This issue affects Apache IoTDB: from 1.0.0 before 2.0.5.

Users are recommended to upgrade to version 2.0.5, which fixes the issue.

Credit:

Sanny (finder)
75Acol (finder)
stan fang (finder)
Wu Jiang (finder)

References:

https://iotdb.apache.org
https://www.cve.org/CVERecord?id=CVE-2025-48459

