Sensitive Information Exposure in Apache DolphinScheduler by Apache
CVE-2025-62188

Currently unrated

Key Information:

Vendor: Apache
Status: Apache Dolphinscheduler
Vendor: CVE Published:; 9 April 2026

What is CVE-2025-62188?

A vulnerability in Apache DolphinScheduler allows unauthorized actors to potentially access sensitive information, including critical database credentials. This affects all versions within the 3.1.* series, making it essential for users to upgrade to version 3.2.0 or higher. For immediate mitigation, users can temporarily restrict access to management endpoints by setting specific environment variables or modifying their application configuration to limit exposure.

Affected Version(s)

Apache DolphinScheduler 3.1.0 < 3.2.0

References

https://lists.apache.org/thread/ffrmkcwgr2lcz0f5nnnyswhpn...

vendor-advisory

https://www.cve.org/CVERecord?id=CVE-2023-48796

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 9, 2026
Vulnerability Reserved
Oct 8, 2025

Credit

w aiyou

魏大创

CVE-2025-62188 Data

JSON