CVE-2025-48459

CVE-2025-48459: Apache IoTDB: Deserialization of untrusted Data

Vendor Apache Software Foundation

Product Apache IoTDB

Weakness CWE-502 · Unsafe deserialization

Published September 24, 2025

Last update November 4, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

Deserialization of Untrusted Data vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 before 2.0.5. Users are recommended to upgrade to version 2.0.5, which fixes the issue.

Key dates

Disclosure timeline

September 24, 2025 CVE published

November 4, 2025 Record updated