Apache IoTDB Deserialization of Untrusted Data Vulnerability

Vulnerability

A deserialization of untrusted data vulnerability exists in Apache IoTDB versions from 1.0.0 up to, but not including, 2.0.5. The affected versions handle serialized data improperly, so crafted input could be exploited with unintended consequences for the application.

Impact

Exploitation of this vulnerability could allow for deserialization attacks, where an attacker manipulates serialized data to execute arbitrary code or cause other harmful effects on the application.

Remediation

Users are advised to upgrade to Apache IoTDB version 2.0.5 or later, which addresses this vulnerability.

Added: Sep 24, 2025, 8:16 AM
Updated: Sep 24, 2025, 8:16 AM

Vulnerability Rating

Custom Algorithm

spread: 1.4
impact: 10.0
exploitability: 7.0
remediation: 7.7
relevance: 0.5
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.