VYPR
Critical severityNVD Advisory· Published Sep 24, 2025· Updated Nov 4, 2025

Apache IoTDB: Deserialization of untrusted Data

CVE-2025-48459

Description

Deserialization of Untrusted Data vulnerability in Apache IoTDB.

This issue affects Apache IoTDB: from 1.0.0 before 2.0.5.

Users are recommended to upgrade to version 2.0.5, which fixes the issue.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.apache.iotdb:iotdb-confignodeMaven
>= 1.0.0, < 2.0.52.0.5
apache-iotdbPyPI
>= 1.0.0, < 2.0.52.0.5

Affected products

3

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.