{"id":"CVE-2025-26864","details":"Exposure of Sensitive Information to an Unauthorized Actor, Insertion of Sensitive Information into Log File vulnerability in the OpenIdAuthorizer of Apache IoTDB.\n\nThis issue affects Apache IoTDB: from 0.10.0 through 1.3.3, from 2.0.1-beta before 2.0.2.\n\nUsers are recommended to upgrade to version 1.3.4 and 2.0.2, which fix the issue.","aliases":["GHSA-5fc3-pqf2-57cx","PYSEC-2025-60"],"modified":"2026-04-10T05:24:38.723012Z","published":"2025-05-14T11:16:28.437Z","references":[{"type":"ADVISORY","url":"https://lists.apache.org/thread/2kcjnlypppk8qjh17dpz0jvkcpn6l162"},{"type":"ARTICLE","url":"http://www.openwall.com/lists/oss-security/2025/05/14/4"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/apache/iotdb","events":[{"introduced":"aaaaf506d9c731231f97d8813528cbf062760d40"},{"fixed":"1e88013f3463c99ff81f244eb612e178582e82f5"},{"introduced":"0"},{"last_affected":"5f31648e60548d2d784a8f23b861efdd1a309d18"}],"database_specific":{"versions":[{"introduced":"0.10.0"},{"fixed":"1.3.4"},{"introduced":"0"},{"last_affected":"2.0.1-beta"}]}}],"versions":["before-moving-extras","v2.0.1-beta"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-26864.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}