CVE-2025-8865

The YugabyteDB tablet server contains a flaw in its YCQL query handling that can trigger a null pointer dereference when processing certain malformed inputs. An authenticated attacker could exploit this issue to crash the YCQL tablet server, resulting in a denial of service.

CVSS

No CVSS.

References

Link	Resource
https://docs.yugabyte.com/preview/secure/vulnerability-disclosure-policy/

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) El servidor de tabletas YugabyteDB presenta una falla en el manejo de consultas YCQL que puede provocar una desreferencia de puntero nulo al procesar ciertas entradas malformadas. Un atacante autenticado podría aprovechar esta falla para bloquear el servidor de tabletas YCQL y provocar una denegación de servicio.

11 Aug 2025, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-08-11 15:15

Updated : 2026-04-15 00:35

NVD link : CVE-2025-8865

Mitre link : CVE-2025-8865

CVE.ORG link : CVE-2025-8865

JSON object : View

Products Affected

No product.

CWE

CWE-476

NULL Pointer Dereference

{"id": "CVE-2025-8865", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "security@yugabyte.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 4.1, "Automatable": "NOT_DEFINED", "attackVector": "ADJACENT", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:H/AT:P/PR:H/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "ACTIVE", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "privilegesRequired": "HIGH", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-08-11T15:15:29.203", "references": [{"url": "https://docs.yugabyte.com/preview/secure/vulnerability-disclosure-policy/", "source": "security@yugabyte.com"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "security@yugabyte.com", "description": [{"lang": "en", "value": "CWE-476"}]}], "descriptions": [{"lang": "en", "value": "The YugabyteDB tablet server contains a flaw in its YCQL query handling that can trigger a null pointer dereference when processing certain malformed inputs. An authenticated attacker could exploit this issue to crash the YCQL tablet server, resulting in a denial of service."}, {"lang": "es", "value": "El servidor de tabletas YugabyteDB presenta una falla en el manejo de consultas YCQL que puede provocar una desreferencia de puntero nulo al procesar ciertas entradas malformadas. Un atacante autenticado podr\u00eda aprovechar esta falla para bloquear el servidor de tabletas YCQL y provocar una denegaci\u00f3n de servicio."}], "lastModified": "2026-04-15T00:35:42.020", "sourceIdentifier": "security@yugabyte.com"}