CVE-2025-59792

CVE-2025-59792: Apache Kvrocks: MONITOR command reveals plaintext credentials to non-admins

Vendor Apache Software Foundation

Product Apache Kvrocks

Published November 28, 2025

Last update November 28, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

Reveals plaintext credentials in the MONITOR command vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: from 1.0.0 through 2.13.0. Users are recommended to upgrade to version 2.14.0, which fixes the issue.

Key dates

Disclosure timeline

November 28, 2025 CVE published

November 28, 2025 Record updated