=====================================================================
                            CERT-Renater

                 Information Note No. 2025/VULN830
_____________________________________________________________________

DATE                 : 02/12/2025

HARDWARE PLATFORM(S) : /

OPERATING SYSTEM(S)  : Systems running Apache Kvrocks versions prior
                       to 2.14.0.

=====================================================================
https://lists.apache.org/thread/jfyr1h4v2pjj1t5p6tkm0drv1rh064ml
https://lists.apache.org/thread/bvohlc0fmdh4z96n1vhw32fbtx2dtbws
_____________________________________________________________________

CVE-2025-59790: Apache Kvrocks: RESET command grants admin privileges

Severity: critical

Affected versions:

- Apache Kvrocks 2.9.0 through 2.13.0

Description:

Improper Privilege Management vulnerability in Apache Kvrocks.

This issue affects Apache Kvrocks: from v2.9.0 through v2.13.0.

Users are recommended to upgrade to version 2.14.0, which fixes the
issue.

Credit:

Mapta / BugBunny_ai (reporter)

References:

https://kvrocks.apache.org
https://www.cve.org/CVERecord?id=CVE-2025-59790
_____________________________________________________________________

CVE-2025-59792: Apache Kvrocks: MONITOR command reveals plaintext
credentials to non-admins

Severity: important

Affected versions:

- Apache Kvrocks 1.0.0 through 2.13.0

Description:

Reveals plaintext credentials in the MONITOR command vulnerability in
Apache Kvrocks.

This issue affects Apache Kvrocks: from 1.0.0 through 2.13.0.

Users are recommended to upgrade to version 2.14.0, which fixes the
issue.

Credit:

Mapta / BugBunny_ai (reporter)

References:

https://kvrocks.apache.org
https://www.cve.org/CVERecord?id=CVE-2025-59792

=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |  email:cert@support.renater.fr  +
=========================================================