
CVE-2025-62188: Apache DolphinScheduler Info Disclosure

CVE-2025-62188 is an information disclosure vulnerability in Apache DolphinScheduler that exposes sensitive data, such as database credentials, to unauthorized actors. This article covers the technical details, affected versions, detection methods, and mitigation.


CVE-2025-62188 Overview

An Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Apache DolphinScheduler. This vulnerability may allow unauthorized actors to access sensitive information, including database credentials, through improperly exposed management endpoints.

Critical Impact

Unauthorized access to sensitive configuration data including database credentials could lead to full database compromise, data theft, and potential lateral movement within affected environments.

Affected Products

  • Apache DolphinScheduler versions 3.1.*

Discovery Timeline

  • 2026-04-09 - CVE-2025-62188 published to NVD
  • 2026-04-09 - Last updated in NVD database

Technical Details for CVE-2025-62188

Vulnerability Analysis

This vulnerability is classified as CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor). The core issue stems from overly permissive default configuration of management endpoints in Apache DolphinScheduler's web interface. When left with default settings, these endpoints expose sensitive application configuration data to unauthenticated users over the network.

The vulnerability allows remote attackers to query management endpoints without requiring any authentication or user interaction. The information disclosed through these endpoints can include database credentials, connection strings, and other sensitive configuration parameters that should remain protected from external access.

This issue has also been tracked as CVE-2023-48796, indicating a recurring or related security concern within the DolphinScheduler management endpoint exposure configuration.

Root Cause

The root cause of this vulnerability lies in the default configuration of Spring Boot Actuator management endpoints within Apache DolphinScheduler. By default, these endpoints may be exposed to the web without proper access restrictions, allowing any network-accessible client to retrieve sensitive application environment data including database credentials and internal configuration parameters.

Attack Vector

The attack vector is network-based and requires no authentication or user interaction. An attacker with network access to a vulnerable Apache DolphinScheduler instance can directly query the exposed management endpoints to retrieve sensitive information. The attack complexity is low, making this vulnerability easily exploitable by attackers who can reach the application over the network.

Attackers can access endpoints such as /actuator/env or similar Spring Boot Actuator endpoints to enumerate environment variables and configuration properties. This information disclosure can serve as a stepping stone for more severe attacks, including database compromise using the exposed credentials.

Detection Methods for CVE-2025-62188

Indicators of Compromise

  • Unexpected HTTP requests to management endpoints such as /actuator/env, /actuator/configprops, or /actuator/beans from external IP addresses
  • Access log entries showing successful (HTTP 200) responses to actuator endpoints from unauthenticated sources
  • Anomalous database authentication attempts using credentials that may have been harvested from exposed endpoints

Detection Strategies

  • Monitor web server and application access logs for requests targeting Spring Boot Actuator endpoints (paths containing /actuator/)
  • Implement network-level monitoring to detect reconnaissance attempts against DolphinScheduler management interfaces
  • Deploy web application firewalls (WAF) with rules to block or alert on requests to sensitive management endpoints

Monitoring Recommendations

  • Configure alerting for any access attempts to restricted actuator endpoints from non-administrative source IPs
  • Regularly audit DolphinScheduler configuration to ensure management endpoint exposure is properly restricted
  • Implement intrusion detection system (IDS) signatures to identify information disclosure attack patterns targeting Spring Boot applications
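A log-triage script for the indicators and detection strategies above, added here as an example (not from the advisory or the DolphinScheduler project). It assumes access logs in Combined Log Format, an assumed administrative network of 10.0.0.0/8, and constructed sample lines; a successful (HTTP 200) request for env, configprops or beans from outside the admin network is rated as a confirmed disclosure.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Combined Log Format prefix: ip ident user [time] "METHOD path PROTO" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)
# Networks from which administrative actuator use is expected (assumption).
ADMIN_NETS = [ipaddress.ip_network("10.0.0.0/8")]
SENSITIVE = {"env", "configprops", "beans"}  # endpoints from the IoC list above

@dataclass
class Finding:
    ip: str
    path: str
    endpoint: str
    status: int
    severity: str

def classify(line: str) -> Optional[Finding]:
    # Returns a Finding for actuator requests, None for all other lines.
    m = LOG_RE.match(line)
    if not m or "/actuator" not in m.group("path"):
        return None
    path = m.group("path").split("?", 1)[0]  # drop any query string
    endpoint = path.split("/actuator", 1)[1].strip("/").split("/")[0]
    status = int(m.group("status"))
    src = ipaddress.ip_address(m.group("ip"))
    external = not any(src in net for net in ADMIN_NETS)
    if external and endpoint in SENSITIVE:
        # HTTP 200 means the data was actually served: confirmed disclosure.
        severity = "high" if status == 200 else "medium"
    else:
        severity = "low"  # audit trail for all other actuator traffic
    return Finding(str(src), path, endpoint, status, severity)

def scan(lines: Iterable[str]) -> List[Finding]:
    return [f for f in map(classify, lines) if f is not None]

# Constructed sample lines for this example, not real traffic.
SAMPLE = [
    '203.0.113.7 - - [10/Apr/2026:08:01:02 +0000] "GET /actuator/env HTTP/1.1" 200 18342',
    '203.0.113.7 - - [10/Apr/2026:08:01:03 +0000] "GET /actuator/configprops?x=1 HTTP/1.1" 401 0',
    '10.1.2.3 - - [10/Apr/2026:08:01:10 +0000] "GET /actuator/health HTTP/1.1" 200 15',
    '198.51.100.4 - - [10/Apr/2026:08:02:00 +0000] "GET /dolphinscheduler/projects HTTP/1.1" 200 912',
]
```

Running `scan(SAMPLE)` yields one high, one medium and one low finding; feed real log lines to `scan()` and route anything rated high to an incident ticket and a credential-rotation check.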

How to Mitigate CVE-2025-62188

Immediate Actions Required

  • Upgrade Apache DolphinScheduler to version 3.2.0 or later if currently running any 3.1.x version
  • Apply the temporary workaround configuration if immediate upgrade is not possible
  • Audit access logs to determine if the vulnerability may have been exploited prior to mitigation
  • Rotate any database credentials that may have been exposed through the vulnerable endpoints

Patch Information

Users are recommended to upgrade to version 3.2.0 or later if using Apache DolphinScheduler 3.1.x. The upgrade addresses the management endpoint exposure issue and provides proper default security configuration. Refer to the Apache Mailing List Thread for additional details on the security fix.

Workarounds

  • Restrict management endpoint exposure by setting the environment variable MANAGEMENT_ENDPOINTS_WEB_EXPOSURE_INCLUDE=health,metrics,prometheus
  • Alternatively, modify the application.yaml configuration file to limit exposed endpoints
  • Implement network-level access controls to restrict access to the DolphinScheduler management interface
  • Use a reverse proxy or firewall to block external access to actuator endpoints
```bash
# Configuration example - Environment variable workaround
export MANAGEMENT_ENDPOINTS_WEB_EXPOSURE_INCLUDE=health,metrics,prometheus

# Alternatively, add to application.yaml:
# management:
#   endpoints:
#     web:
#       exposure:
#         include: health,metrics,prometheus
```

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
