CVE-2025-14758

MEDIUM

YAOOK Operator - Info Disclosure

Title source: llm

Description

Incorrect configuration of replication security in the MariaDB component of the infra-operator in YAOOK Operator allows an on-path attacker to read database contents, potentially including credentials

References (1)

[Issue Tracking] https://gitlab.com/yaook/operator/-/issues/631

Scores

CVSS v3 6.5

EPSS 0.0004

EPSS Percentile 10.7%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-1188

Status published

Products (1)

ALASCA/YAOOK 0.20240809.0 - 0.20251211.0

Published Dec 16, 2025

Tracked Since Feb 18, 2026