CVE-2025-55017
CriticalCVSS 9.1Exploitation Probability (EPSS)
Low risk30th percentile — higher than 30% of all known CVEs
Summary
A Path Traversal vulnerability has been discovered in Apache IoTDB, allowing bypass of file path restrictions. The issue affects versions from 2.0.0 before 2.0.6 and from 1.0.0 before 1.3.6.
Risk Assessment
An attacker could gain unauthorized access to files outside the restricted directory, potentially leading to data leakage or system integrity compromise.
Recommendation
It is recommended to immediately upgrade Apache IoTDB to version 1.3.6 or 2.0.6, which contain the fix for this vulnerability.
Original NVD description (English source)
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 2.0.0 before 2.0.6, from 1.0.0 before 1.3.6. Users are recommended to upgrade to version 1.3.6 and 2.0.6, which fixes the issue.

