CVE Catalog

CVE-2025-55017

CriticalCVSS 9.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.38%

30th percentile — higher than 30% of all known CVEs

Summary

A Path Traversal vulnerability has been discovered in Apache IoTDB, allowing bypass of file path restrictions. The issue affects versions from 2.0.0 before 2.0.6 and from 1.0.0 before 1.3.6.

Risk Assessment

An attacker could gain unauthorized access to files outside the restricted directory, potentially leading to data leakage or system integrity compromise.

Recommendation

It is recommended to immediately upgrade Apache IoTDB to version 1.3.6 or 2.0.6, which contain the fix for this vulnerability.

Original NVD description (English source)

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 2.0.0 before 2.0.6, from 1.0.0 before 1.3.6. Users are recommended to upgrade to version 1.3.6 and 2.0.6, which fixes the issue.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS