NULL pointer dereference in Yugabytedb Inc
CVE-2025-8865
The YugabyteDB tablet server contains a flaw in its YCQL query handling that can trigger a null pointer dereference when processing certain malformed inputs. An authenticated attacker could exploit this issue to crash the YCQL tablet serve…
EPSS: 0.002 (4.6th percentile)
Affected products
- Yugabytedb Inc — versions 2024.1.0.0, 2024.2.0.0, 2.20.0.0
Weakness classification (CWE)
Public proof-of-concept exploits
References
Frequently asked questions
- What is CVE-2025-8865?
  CVE-2025-8865 is a vulnerability in Yugabytedb Inc, classified under NULL Pointer Dereference. Published 2025-08-11.
- Is CVE-2025-8865 known to be exploited?
  1 public proof-of-concept repository is indexed. Not currently listed in the CISA KEV catalog.