CVE-2025-14758

MEDIUM

YAOOK Operator - Info Disclosure

Title source: llm

Description

Incorrect configuration of replication security in the MariaDB component of the infra-operator in YAOOK Operator allows an on-path attacker to read database contents, potentially including credentials

References (1)

[Issue Tracking] https://gitlab.com/yaook/operator/-/issues/631

Scores

CVSS v3 6.5

EPSS 0.0003

EPSS Percentile 9.6%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-1188

Status draft

Timeline

Published Dec 16, 2025

Tracked Since Feb 18, 2026