Path Traversal Vulnerability in Apache IoTDB
CVE-2025-64152
Currently unrated
What is CVE-2025-64152?
A path traversal vulnerability exists in Apache IoTDB that allows an attacker to bypass security restrictions and access restricted directories by manipulating input paths. This flaw can be exploited to return sensitive information from the server. The affected versions are 1.0.0 up to, but not including, 1.3.6, and 2.0.0 up to, but not including, 2.0.7. Users are strongly advised to upgrade to the latest versions, 1.3.6 and 2.0.7, to mitigate this security risk.
Affected Version(s)
Apache IoTDB 1.0.0 < 1.3.6
Apache IoTDB 2.0.0 < 2.0.7