Path Traversal Vulnerability in Apache IoTDB Affects Multiple Versions
CVE-2025-55017

Currently unrated

Key Information:

Vendor

Apache

CVE Published:
26 June 2026

What is CVE-2025-55017?

A path traversal vulnerability (improper limitation of a pathname to a restricted directory) has been identified in Apache IoTDB, allowing attackers to access restricted directories. It affects versions 1.0.0 through 1.3.5 and 2.0.0 through 2.0.5. Users should upgrade to at least version 1.3.6 or 2.0.6 to protect against potential unauthorized access to sensitive data.

Affected Version(s)

Apache IoTDB 2.0.0 < 2.0.6

Apache IoTDB 1.0.0 < 1.3.6

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

qx