Date: 11 December 2025
Severity: Critical
Overview
A critical security vulnerability has been identified in the Cumulocity Platform services that may allow unauthorized access or compromise of sensitive information if left unpatched. A validated fix has been released and is available for immediate deployment. All operators of the Cumulocity Platform are advised to take corrective action.
Scope of Impact
This advisory applies to all deployments of the Cumulocity Platform, including:
- Cloud-Operated Environments: All public and dedicated environments managed by the Cumulocity Cloud Operations team.
- Self-Hosted Cumulocity Installations: Installations operated by customers on their own.
- Cumulocity Edge Deployments.
Required Actions
Cumulocity Cloud Deployments
A hotfix has been released. The fix details are below.
For Cumulocity versions 2025 and 2024, the hotfix can be retrieved from the public Cumulocity Installation Artifact Registry. Please upgrade the cumulocity-ontoplb component to the version listed below, following the instructions in the Cumulocity Multi-Node Installation Guide.
For environments running version 10.18, please contact Support for further assistance.
Version Details
- 2025: upgrade to cumulocity-ontoplb 2025.8.1
- 2024: upgrade to cumulocity-ontoplb 2024.6.0
- 10.18: please contact support
Note: If your instance is run by the Cumulocity Operations or Managed services team, they will handle this required fix.
Edge Customers
Customers using Edge on Kubernetes:
- Versions 2025.0.10 and newer: No action is required.
- Versions older than 2025.0.10: It is recommended that you upgrade to version 2025.0.10 or later. If upgrading is not possible, please contact support for assistance.
Customers using Edge Appliance:
- Appliance 1018.0.1 users: Please plan to migrate to the Edge Operator solution. If migration is not currently feasible, please contact support.
Support
If you have additional questions or need further clarification, please contact Support.