CVE-2025-62188
Severity CVSS v4.0: Pending analysis
Type: CWE-200 Information Leak / Disclosure
Publication date: 09/04/2026
Last modified: 09/04/2026
Description
An Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Apache DolphinScheduler.

This vulnerability may allow unauthorized actors to access sensitive information, including database credentials.

This issue affects Apache DolphinScheduler versions 3.1.*.

Users are recommended to upgrade to:

* version ≥ 3.2.0 if using 3.1.x

As a temporary workaround, users who cannot upgrade immediately may restrict the exposed management endpoints by setting the following environment variable:

```
MANAGEMENT_ENDPOINTS_WEB_EXPOSURE_INCLUDE=health,metrics,prometheus
```

Alternatively, add the following configuration to the application.yaml file:

```
management:
  endpoints:
    web:
      exposure:
        include: health,metrics,prometheus
```

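The following Python check is an added example, not part of the advisory or of Apache DolphinScheduler: it reports any management endpoint exposed beyond the workaround's allow-list, reading the environment variable first and the application.yaml setting otherwise. The function names, the minimal YAML flattener (single document, plain nested mappings only) and both sample configurations are assumptions constructed for illustration.

```python
import os
import re
import sys

# Allow-list, property key and variable name come from the advisory's workaround.
ALLOWED = {"health", "metrics", "prometheus"}
KEY = "management.endpoints.web.exposure.include"
ENV = "MANAGEMENT_ENDPOINTS_WEB_EXPOSURE_INCLUDE"

# Constructed samples: one exposing every endpoint ('*'), one with the workaround applied.
SAMPLE_WIDE = """
management:
  endpoints:
    web:
      exposure:
        include: '*'
"""
SAMPLE_FIXED = SAMPLE_WIDE.replace("'*'", "health,metrics,prometheus")

def flatten_yaml(text):
    """Flatten plain nested 'key: value' YAML into dotted keys (no lists or anchors)."""
    out, stack = {}, []  # stack holds (indent, key) for the current nesting path
    for raw in text.splitlines():
        m = re.match(r"^(\s*)([A-Za-z0-9_.-]+):\s*(.*)$", raw.split(" #")[0].rstrip())
        if not m:
            continue
        indent, key, value = len(m.group(1)), m.group(2), m.group(3).strip("'\"")
        while stack and stack[-1][0] >= indent:
            stack.pop()
        stack.append((indent, key))
        if value:
            out[".".join(k for _, k in stack)] = value
    return out

def audit(yaml_text, env):
    """Return (effective value, endpoints outside the allow-list).
    The environment variable takes precedence over the file, as in Spring Boot."""
    value = env.get(ENV) or flatten_yaml(yaml_text).get(KEY)
    if value is None:
        return None, set()  # not set here: the framework default applies
    names = {n.strip() for n in value.split(",") if n.strip()}
    return value, names - ALLOWED

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_WIDE
    value, extra = audit(text, os.environ)
    print(f"{KEY} = {value!r}; outside allow-list: {sorted(extra) or 'none'}")
    sys.exit(1 if extra else 0)
```

Run it with the path to a deployment's application.yaml as the only argument; a non-zero exit status means at least one endpoint outside the allow-list is exposed.
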
This issue has been reported as CVE-2023-48796:

https://cveprocess.apache.org/cve5/CVE-2023-48796



