4 matches found
CVE-2025-25069
The CVE-2025-25069 entry describes a Cross-Protocol Scripting vulnerability in Apache Kvrocks: Kvrocks does not detect Host: or POST in RESP requests, so an HTTP request can be interpreted as a RESP request and potentially trigger dangerous database operations, especially when chained ...
CVE-2025-26413
CVE-2025-26413 describes an improper input validation in Apache Kvrocks where the SETRANGE command does not verify that the offset input is a positive integer, using it as a string index and potentially causing a server crash (out-of-range index). Affected versions are Kvrocks up to 2.11.1; remed...
CVE-2025-59790
CVE-2025-59790 affects Apache Kvrocks (versions 2.9.0–2.13.0). The root issue is improper privilege management, specifically relating to the RESET command, which can elevate privileges to administrator level. A fix is available in Kvrocks 2.14.0. Multiple sources (NVD, RH, CNVD, OSV, CNVD/others)...
CVE-2025-59792
CVE-2025-59792 affects Apache Kvrocks 1.0.0–2.13.0, where the MONITOR command discloses plaintext credentials. The root cause is information disclosure via MONITOR exposure to non-admins. The impact is exposure of sensitive data; the CVSS vector indicates network access and low integrity/availability impact. A ...