{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-8863", "assignerOrgId": "d4ae51d3-4db5-465e-bc8a-eb6768324078", "state": "PUBLISHED", "assignerShortName": "Yugabyte", "dateReserved": "2025-08-11T12:43:56.931Z", "datePublished": "2025-08-11T13:03:18.238Z", "dateUpdated": "2025-08-11T15:08:45.940Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "packageName": "yugabyte", "platforms": ["MacOS", "Linux", "ARM", "x86"], "product": "YugabyteDB", "repo": "https://github.com/yugabyte/yugabyte-db", "vendor": "YugabyteDB Inc", "versions": [{"lessThan": "2024.1.3", "status": "affected", "version": "2024.1.0", "versionType": "custom"}, {"lessThan": "2.20.7.0", "status": "affected", "version": "2.20.0.0", "versionType": "custom"}, {"lessThan": "2.23.1.0", "status": "affected", "version": "2.23.0.0", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: transparent;\">YugabyteDB diagnostic information was transmitted over HTTP, which could expose sensitive data during transmission</span><br>"}], "value": "YugabyteDB diagnostic information was transmitted over HTTP, which could expose sensitive data during transmission"}], "impacts": [{"capecId": "CAPEC-94", "descriptions": [{"lang": "en", "value": "CAPEC-94 Adversary in the Middle (AiTM)"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 7, "baseSeverity": "HIGH", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "LOW", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:H/SI:L/SA:L", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-319", "description": "CWE-319 Cleartext Transmission of Sensitive Information", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "d4ae51d3-4db5-465e-bc8a-eb6768324078", "shortName": "Yugabyte", "dateUpdated": "2025-08-11T13:03:18.238Z"}, "references": [{"url": "https://docs.yugabyte.com/preview/secure/vulnerability-disclosure-policy/"}], "source": {"defect": ["DB-12726"], "discovery": "INTERNAL"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-08-11T15:08:36.280845Z", "id": "CVE-2025-8863", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-11T15:08:45.940Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-8863", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-08-11T15:08:36.280845Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-11T15:08:39.119Z"}}], "cna": {"source": {"defect": ["DB-12726"], "discovery": "INTERNAL"}, "impacts": [{"capecId": "CAPEC-94", "descriptions": [{"lang": "en", "value": "CAPEC-94 Adversary in the Middle (AiTM)"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:H/SI:L/SA:L", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/yugabyte/yugabyte-db", "vendor": "YugabyteDB Inc", "product": "YugabyteDB", "versions": [{"status": "affected", "version": "2024.1.0", "lessThan": "2024.1.3", "versionType": "custom"}, {"status": "affected", "version": "2.20.0.0", "lessThan": "2.20.7.0", "versionType": "custom"}, {"status": "affected", "version": "2.23.0.0", "lessThan": "2.23.1.0", "versionType": "custom"}], "platforms": ["MacOS", "Linux", "ARM", "x86"], "packageName": "yugabyte", "defaultStatus": "unaffected"}], "references": [{"url": "https://docs.yugabyte.com/preview/secure/vulnerability-disclosure-policy/"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "YugabyteDB diagnostic information was transmitted over HTTP, which could expose sensitive data during transmission", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: transparent;\">YugabyteDB diagnostic information was transmitted over HTTP, which could expose sensitive data during transmission</span><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-319", "description": "CWE-319 Cleartext Transmission of Sensitive Information"}]}], "providerMetadata": {"orgId": "d4ae51d3-4db5-465e-bc8a-eb6768324078", "shortName": "Yugabyte", "dateUpdated": "2025-08-11T13:03:18.238Z"}}}, "cveMetadata": {"cveId": "CVE-2025-8863", "state": "PUBLISHED", "dateUpdated": "2025-08-11T15:08:45.940Z", "dateReserved": "2025-08-11T12:43:56.931Z", "assignerOrgId": "d4ae51d3-4db5-465e-bc8a-eb6768324078", "datePublished": "2025-08-11T13:03:18.238Z", "assignerShortName": "Yugabyte"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "YugabyteDB diagnostic information was transmitted over HTTP, which could expose sensitive data during transmission"}, {"lang": "es", "value": "La informaci\u00f3n de diagn\u00f3stico de YugabyteDB se transmiti\u00f3 a trav\u00e9s de HTTP, lo que podr\u00eda exponer datos confidenciales durante la transmisi\u00f3n."}], "id": "CVE-2025-8863", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "LOW", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:H/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security@yugabyte.com", "type": "Secondary"}]}, "published": "2025-08-11T13:15:39.790", "references": [{"source": "security@yugabyte.com", "url": "https://docs.yugabyte.com/preview/secure/vulnerability-disclosure-policy/"}], "sourceIdentifier": "security@yugabyte.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-319"}], "source": "security@yugabyte.com", "type": "Secondary"}]}

{"bugzilla": {"description": "yugabytedb: YugabyteDB information exposure", "id": "2387620", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2387620"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.7", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "status": "draft"}, "cwe": "CWE-319", "details": ["No description is available for this CVE."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2025-8863", "package_state": [{"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8", "fix_state": "Fix deferred", "package_name": "yugabytedb", "product_name": "Red Hat JBoss Enterprise Application Platform 8"}, {"cpe": "cpe:/a:redhat:jbosseapxp", "fix_state": "Fix deferred", "package_name": "yugabytedb", "product_name": "Red Hat JBoss Enterprise Application Platform Expansion Pack"}], "public_date": "2025-08-11T13:03:18Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-8863\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-8863\nhttps://docs.yugabyte.com/preview/secure/vulnerability-disclosure-policy/"], "threat_severity": "Low"}

{"created": "2025-08-12T11:47:01.690852+00:00", "updated": "2025-08-12T11:47:01.690910+00:00", "vendors": ["yugabyte", "yugabyte$PRODUCT$yugabytedb"]}