Unauthenticated Access in EDB Hybrid Manager by EnterpriseDB
CVE-2025-14038

7 HIGH

Key Information:

Vendor
CVE Published: 15 December 2025

What is CVE-2025-14038?

EDB Hybrid Manager contains a security flaw that enables unauthenticated attackers to access specific gRPC endpoints, potentially allowing them to read sensitive data or launch denial-of-service attacks by sending malformed data. The issue arises from misconfigurations within the Istio Gateway, which governs authentication and authorization for these endpoints. Affected organizations should upgrade to EDB Hybrid Manager 1.3.3 (LTS) or 2025.12 (Innovation) to mitigate the associated risks.

Affected Version(s)

Hybrid Manager - Innovation 2025

Hybrid Manager - LTS 1.3

Hybrid Manager - LTS 1.3 < 1.3.3

CVSS V3.1

Score: 7
Severity: HIGH
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
