Sensitive Information Exposure in Apache DolphinScheduler by Apache
CVE-2025-62188

7.5HIGH

Key Information:

Vendor: Apache
Status: Apache Dolphinscheduler
Vendor: CVE Published:; 9 April 2026

What is CVE-2025-62188?

A vulnerability in Apache DolphinScheduler allows unauthorized actors to potentially access sensitive information, including critical database credentials. This affects all versions within the 3.1.* series, making it essential for users to upgrade to version 3.2.0 or higher. For immediate mitigation, users can temporarily restrict access to management endpoints by setting specific environment variables or modifying their application configuration to limit exposure.

Affected Version(s)

Apache DolphinScheduler 3.1.0 < 3.2.0

References

https://lists.apache.org/thread/ffrmkcwgr2lcz0f5nnnyswhpn...

vendor-advisory

https://www.cve.org/CVERecord?id=CVE-2023-48796

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 9, 2026
Vulnerability Reserved
Oct 8, 2025

Credit

w aiyou

魏大创

CVE-2025-62188 Data

JSON