Information disclosure in Yugabytedb Inc Anywhere
CVE-2025-8864
Shared Access Signature token is not masked in the backup configuration response and is also exposed in the yb_backup logs
EPSS: 0.002 (5.2th percentile) — read the EPSS interpretation.
Affected products
- Yugabytedb Inc Anywhere — versions 2.20.0.0, 2.23.0.0, 2024.1.0.0
Weakness classification (CWE)
Public proof-of-concept exploits
References
Frequently asked questions
- What is CVE-2025-8864?
- CVE-2025-8864 is a vulnerability in Yugabytedb Inc Anywhere, classified under Insertion of Sensitive Information into Log File. Published 2025-08-11.
- Is CVE-2025-8864 known to be exploited?
- 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.