Remote Code Execution Vulnerability in Apache IoTDB
CVE-2024-24780

9.8CRITICAL

Key Information:

Vendor

Apache

Vendor
CVE Published:
14 May 2025

What is CVE-2024-24780?

A vulnerability in Apache IoTDB enables an attacker with privileges to create User Defined Functions (UDF) to register malicious functions sourced from untrusted URIs. This could lead to potentially harmful actions being executed within the IoTDB environment. Users should promptly upgrade to version 1.3.4 to mitigate this vulnerability.

Affected Version(s)

Apache IoTDB 1.0.0 < 1.3.4

References

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Y4 tacker
Nbxiglk
.