CVE-2025-64152
CriticalCVSS 9.1Exploitation Probability (EPSS)
Low risk30th percentile — higher than 30% of all known CVEs
Summary
A path traversal vulnerability has been discovered in Apache IoTDB, allowing access to files outside the restricted directory. The issue affects versions from 1.0.0 to 1.3.5 and from 2.0.0 to 2.0.6.
Risk Assessment
An attacker can read or write files outside the allowed directory, potentially leading to data leakage or system integrity compromise.
Recommendation
It is recommended to immediately upgrade Apache IoTDB to version 1.3.6 or 2.0.7, which fix this vulnerability.
Original NVD description (English source)
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 before 1.3.6, from 2.0.0 before 2.0.7. Users are recommended to upgrade to version 1.3.6 and 2.0.7, which fixes the issue.

