CVE 9.1 CRITICAL

Apache IoTDB: Path Traversal Vulnerability_CVE-2025-55017

June 26, 2026 invoker category_cve

9.1 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Description

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache IoTDB.

This issue affects Apache IoTDB: from 2.0.0 before 2.0.6, from 1.0.0 before 1.3.6.

Users are recommended to upgrade to version 1.3.6 and 2.0.6, which fixes the issue.

AI Analysis

Path Traversal vulnerability in Apache IoTDB allowing unauthorized access to sensitive data

Basic Information

ID CVE-2025-55017

Source apache

Published Jun 26, 2026 at 12:15

Modified Jun 26, 2026 at 18:35

Affected Product

Vendor Apache Software Foundation

Product Apache IoTDB

Version 2.0.0

Affected Versions Apache Software Foundation Apache IoTDB 2.0.0
Apache Software Foundation Apache IoTDB 1.0.0

CWE Classification

CWE-22

AI Assessment

AI Score 9.1 / 10

AI Severity Critical

Vendor Apache Software Foundation

Product Apache IoTDB

Version 1.0.0-1.3.5, 2.0.0-2.0.5

References

lists.apache.org /thread/lk08wlxq9sp64mo8hw6wvjxd3bh3lpqg

{
    "lastseen": "",
    "description": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache IoTDB.\n\nThis issue affects Apache IoTDB: from 2.0.0 before 2.0.6, from 1.0.0 before 1.3.6.\n\nUsers are recommended to upgrade to version 1.3.6 and 2.0.6, which fixes the issue.",
    "published": "2026-06-26T12:15:53.226Z",
    "modified": "2026-06-26T18:35:21.837Z",
    "type": "cve",
    "title": "Apache IoTDB: Path Traversal Vulnerability",
    "source": "apache",
    "references": "https://lists.apache.org/thread/lk08wlxq9sp64mo8hw6wvjxd3bh3lpqg",
    "id": "CVE-2025-55017",
    "bulletinFamily": "",
    "cwe": [
        "CWE-22"
    ],
    "cvelist": null,
    "sourceData": "Apache Software Foundation Apache IoTDB 2.0.0\nApache Software Foundation Apache IoTDB 1.0.0",
    "sourceHref": "",
    "cvss": {
        "score": 9.1,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Apache IoTDB",
    "version": "2.0.0",
    "vendor": "Apache Software Foundation",
    "ai_description": "Path Traversal vulnerability in Apache IoTDB allowing unauthorized access to sensitive data",
    "ai_severity": "Critical",
    "ai_vendor": "Apache Software Foundation",
    "ai_product": "Apache IoTDB",
    "ai_version": "1.0.0-1.3.5, 2.0.0-2.0.5",
    "ai_score": 9.1
}

💭 Join the Security Discussion ❌ Cancel Reply