CVE 7 HIGH

CVE-2025-8863_CVE-2025-8863

August 11, 2025 invoker category_cve

7 / 10

HIGH

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:H/SI:L/SA:L

Description

YugabyteDB diagnostic information was transmitted over HTTP, which could expose sensitive data during transmission

AI Analysis

YugabyteDB transmitted diagnostic information over an insecure HTTP connection, potentially exposing sensitive data during transmission.

Basic Information

ID CVE-2025-8863

Source Yugabyte

Published Aug 11, 2025 at 13:03

Affected Product

Vendor YugabyteDB Inc

Product YugabyteDB

Version 2024.1.0

Affected Versions YugabyteDB Inc YugabyteDB 2024.1.0
YugabyteDB Inc YugabyteDB 2.20.0.0
YugabyteDB Inc YugabyteDB 2.23.0.0

CWE Classification

CWE-319

AI Assessment

AI Severity High

Vendor YugabyteDB Inc

Product YugabyteDB

Version 2024.1.0, 2.20.0.0, 2.23.0.0

References

docs.yugabyte.com /preview/secure/vulnerability-disclosure-policy/

{
    "lastseen": "",
    "description": "YugabyteDB diagnostic information was transmitted over HTTP, which could expose sensitive data during transmission",
    "published": "2025-08-11T13:03:18.238Z",
    "modified": "2025-08-11T13:03:18.238Z",
    "type": "cve",
    "title": "CVE-2025-8863",
    "source": "Yugabyte",
    "references": "https://docs.yugabyte.com/preview/secure/vulnerability-disclosure-policy/",
    "id": "CVE-2025-8863",
    "bulletinFamily": "",
    "cwe": [
        "CWE-319"
    ],
    "cvelist": null,
    "sourceData": "YugabyteDB Inc YugabyteDB 2024.1.0\nYugabyteDB Inc YugabyteDB 2.20.0.0\nYugabyteDB Inc YugabyteDB 2.23.0.0",
    "sourceHref": "",
    "cvss": {
        "score": 7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:H/SI:L/SA:L",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "YugabyteDB",
    "version": "2024.1.0",
    "vendor": "YugabyteDB Inc",
    "ai_description": "YugabyteDB transmitted diagnostic information over an insecure HTTP connection, potentially exposing sensitive data during transmission.",
    "ai_severity": "High",
    "ai_vendor": "YugabyteDB Inc",
    "ai_product": "YugabyteDB",
    "ai_version": "2024.1.0, 2.20.0.0, 2.23.0.0",
    "ai_score": 0
}

💭 Join the Security Discussion ❌ Cancel Reply