CVE-2025-62705

Medium CVSS: 5.7

OpenBao is an open source identity-based secrets management system. Prior to version 2.4.2, OpenBao's audit log did not appropriately redact fields when relevant subsystems sent []byte response parameters rather than strings. This includes, but is not limited to sys/raw with use of encoding=base64, all data would be emitted unredacted to the audit log, and Transit, when performing a signing operation with a derived Ed25519 key, would emit public keys to the audit log. This issue has been patched in OpenBao 2.4.2.

Vendor

Openbao

Product

Openbao

CWE

CWE-532

Yayın Tarihi

2025-10-22 22:15:35

Güncelleme

2025-10-27 20:27:05

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-532 Openbao MEDIUM Openbao 2025

Referanslar

https://github.com/openbao/openbao/commit/cc2c476bac66e1d94776c2629793daec3af625f8 https://github.com/openbao/openbao/security/advisories/GHSA-rc54-2g2c-g36g

Benzer Kayıtlar

Critical

CVE-2026-33757

OpenBao is an open source identity-based secrets management system. Prior to version 2.5.2, OpenBao does not prompt for…

Critical

CVE-2026-33758

OpenBao is an open source identity-based secrets management system. Prior to version 2.5.2, OpenBao installations that h…

High

CVE-2025-64761

OpenBao is an open source identity-based secrets management system. Prior to version 2.4.4, a privileged operator could…

High

CVE-2025-59048

OpenBao's AWS Plugin generates AWS access credentials based on IAM policies. Prior to version 0.1.1, the AWS Plugin is v…

Medium

CVE-2025-62513

OpenBao is an open source identity-based secrets management system. In versions 2.2.0 to 2.4.1, OpenBao's audit log expe…

High

CVE-2025-59043

OpenBao is an open source identity-based secrets management system. In OpenBao versions prior to 2.4.1, JSON objects aft…