=====================================================================

                            CERT-Renater

                Note d'Information No. 2025/VULN640
_____________________________________________________________________

DATE                : 24/09/2025

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Apache IoTDB versions prior
                     to 2.0.5.

=====================================================================
https://lists.apache.org/thread/1rn0637hptglmctf8cqd9425bj4q21td
https://lists.apache.org/thread/mr84n19nv8d0bmcrfsj3mm5ff5qn4q2f
_____________________________________________________________________

CVE-2025-48392: Apache IoTDB: DoS Vulnerability
Severity: moderate 

Affected versions:

- Apache IoTDB 1.3.3 through 1.3.4
- Apache IoTDB 2.0.1-beta through 2.0.4


Description:

A denial-of-service (DoS) vulnerability in Apache IoTDB.

This issue affects Apache IoTDB: from 1.3.3 through 1.3.4, from
2.0.1-beta through 2.0.4.

Users are recommended to upgrade to version 2.0.5, which fixes
the issue.


Credit:

yyjLF (finder)


References:

https://iotdb.apache.org
https://www.cve.org/CVERecord?id=CVE-2025-48392

_____________________________________________________________________

CVE-2025-48459: Apache IoTDB: Deserialization of Untrusted Data
Severity: moderate 

Affected versions:

- Apache IoTDB 1.0.0 before 2.0.5

Description:

Deserialization of Untrusted Data vulnerability in Apache IoTDB.

This issue affects Apache IoTDB: from 1.0.0 before 2.0.5.

Users are recommended to upgrade to version 2.0.5, which fixes the issue.

Credit:

Sanny (finder)
75Acol (finder)
stan fang (finder)
Wu Jiang (finder)

References:

https://iotdb.apache.org
https://www.cve.org/CVERecord?id=CVE-2025-48459



=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================
