CVE-2025-52893

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. OpenBao before v2.3.0 may leak sensitive information in logs when processing malformed data. This is separate from the earlier HCSEC-2025-09 / CVE-2025-4166. This issue has been fixed in OpenBao v2.3.0 and later. Like with HCSEC-2025-09, there is no known workaround except to ensure properly formatted requests from all clients.
Configurations

No configuration.

History

26 Jun 2025, 18:57

Type Values Removed Values Added
New CVE

Information

Published : 2025-06-25 17:15

Updated : 2025-06-26 18:57


NVD link : CVE-2025-52893

Mitre link : CVE-2025-52893

CVE.ORG link : CVE-2025-52893


JSON object : View

Products Affected

No product.

CWE
CWE-532

Insertion of Sensitive Information into Log File