Vulnerability in Yugabytedb Inc
CVE-2025-8862
YugabyteDB has been collecting diagnostics information from YugabyteDB servers, which may include sensitive gflag configurations. To mitigate this, we recommend upgrading the database to a version where this information is properly redacte…
EPSS: 0.003 (23.5th percentile)
Affected products
- Yugabytedb Inc — versions 2024.1.0, 2.20.0.0, 2.23.0.0
Weakness classification (CWE)
Public proof-of-concept exploits
References
Frequently asked questions
- What is CVE-2025-8862?
- CVE-2025-8862 is a vulnerability in Yugabytedb Inc, classified under Insertion of Sensitive Information into Sent Data. Published 2025-08-11.
- Is CVE-2025-8862 known to be exploited?
- 1 public proof-of-concept repository is indexed. Not currently listed in the CISA KEV catalog.