CVE-2025-8862

YugabyteDB has been collecting diagnostics information from YugabyteDB servers, which may include sensitive gflag configurations. To mitigate this, we recommend upgrading the database to a version where this information is properly redacted.

CVSS

No CVSS.

References

Link	Resource
https://docs.yugabyte.com/preview/secure/vulnerability-disclosure-policy/

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) YugabyteDB ha estado recopilando información de diagnóstico de sus servidores, que puede incluir configuraciones de gflag sensibles. Para mitigar esto, recomendamos actualizar la base de datos a una versión donde esta información esté correctamente redactada.

11 Aug 2025, 13:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-08-11 13:15

Updated : 2026-04-15 00:35

NVD link : CVE-2025-8862

Mitre link : CVE-2025-8862

CVE.ORG link : CVE-2025-8862

JSON object : View

Products Affected

No product.

CWE

CWE-201

Insertion of Sensitive Information Into Sent Data

{"id": "CVE-2025-8862", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "security@yugabyte.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7.0, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:H/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-08-11T13:15:39.610", "references": [{"url": "https://docs.yugabyte.com/preview/secure/vulnerability-disclosure-policy/", "source": "security@yugabyte.com"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "security@yugabyte.com", "description": [{"lang": "en", "value": "CWE-201"}]}], "descriptions": [{"lang": "en", "value": "YugabyteDB has been collecting diagnostics information from YugabyteDB servers, which may include sensitive gflag configurations. To mitigate this, we recommend upgrading the database to a version where this information is properly redacted."}, {"lang": "es", "value": "YugabyteDB ha estado recopilando informaci\u00f3n de diagn\u00f3stico de sus servidores, que puede incluir configuraciones de gflag sensibles. Para mitigar esto, recomendamos actualizar la base de datos a una versi\u00f3n donde esta informaci\u00f3n est\u00e9 correctamente redactada."}], "lastModified": "2026-04-15T00:35:42.020", "sourceIdentifier": "security@yugabyte.com"}