Information disclosure in Yugabytedb Inc Anywhere
CVE-2025-8866
YugabyteDB Anywhere web server does not properly enforce authentication for the /metamaster/universe API endpoint. An unauthenticated attacker could exploit this flaw to obtain server networking configuration details, including private and…
Vulnerability class: Information Disclosure
EPSS: 0.003 (18.9th percentile) — read the EPSS interpretation.
Affected products
- Yugabytedb Inc Anywhere — versions 2025.*, 2024.*, 2.20.*
Weakness classification (CWE)
Public proof-of-concept exploits
References
Frequently asked questions
- What is CVE-2025-8866?
- CVE-2025-8866 is a vulnerability in Yugabytedb Inc Anywhere, classified under Information Disclosure. Published 2025-08-11.
- Is CVE-2025-8866 known to be exploited?
- 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.