CVE-2025-14758
- Source
- https://cve.org/CVERecord?id=CVE-2025-14758
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-14758.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-14758
- Published
- 2025-12-16T00:33:32.971Z
- Modified
- 2026-04-02T12:33:28.989316Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- Initialization of a Resource with an Insecure Default in YAOOK
- Details
-
Incorrect configuration of replication security in the MariaDB component of the infra-operator in YAOOK Operator allows an on-path attacker to read database contents, potentially including credentials
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/14xxx/CVE-2025-14758.json", "cna_assigner": "GitLab", "cwe_ids": [ "CWE-1188" ] }- References
Affected packages
Git / gitlab.com/yaook/operator
Affected versions
0.*
0.20240809.0
0.20240919.2
0.20241021.0
0.20241205.2
0.20250108.0
0.20250121.0
0.20250127.0
0.20250206.1
0.20250213.1
0.20250227.0
0.20250324.1
0.20250429.0
0.20250507.0
0.20250512.1
0.20250602.0
0.20250605.2
0.20250612.0
0.20250624.0
0.20250626.2
0.20250703.1
0.20250710.0
0.20250717.0
0.20250724.0
0.20250904.0
0.20250918.0
0.20251023.0
0.20251103.0
0.20251117.1
0.20251127.0
0.20251208.1