Severity by source
AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N
Primary rating from GitHub Advisory.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N
Lifecycle Timeline
4DescriptionGitHub Advisory
OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. OpenBao before v2.3.0 may leak sensitive information in logs when processing malformed data. This is separate from the earlier HCSEC-2025-09 / CVE-2025-4166. This issue has been fixed in OpenBao v2.3.0 and later. Like with HCSEC-2025-09, there is no known workaround except to ensure properly formatted requests from all clients.
Analysis
OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. OpenBao before v2.3.0 may leak sensitive information in logs when processing malformed data. This is separate from the earlier HCSEC-2025-09 / CVE-2025-4166. This issue has been fixed in OpenBao v2.3.0 and later. Like with HCSEC-2025-09, there is no known workaround except to ensure properly formatted requests from all clients.
Technical ContextAI
Information disclosure occurs when an application inadvertently reveals sensitive data to unauthorized actors through error messages, logs, or improper access controls. This vulnerability is classified as Insertion of Sensitive Information into Log File (CWE-532).
RemediationAI
A vendor patch is available — apply it immediately. Implement proper access controls. Sanitize error messages in production. Review logging practices to avoid capturing sensitive data.
Vault and Vault Enterprise (“Vault”) TLS certificate auth method did not correctly validate client certificates when con
OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certifi
Vault’s SSH secrets engine did not require the valid_principals list to contain a value by default. Rated high severity
OpenBao versions before 2.3.0 contain an unauthenticated denial-of-service vulnerability in the root rekey and recovery
OpenBao is an open source identity-based secrets management system. Rated high severity (CVSS 7.5), this vulnerability i
Vault Community and Vault Enterprise (“Vault”) clusters using Vault’s Integrated Storage backend are vulnerable to a den
A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or
OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certifi
Vault Community and Vault Enterprise Key/Value (kv) Version 2 plugin may unintentionally expose sensitive information in
Disk exhaustion via decompression bomb in OpenBao's OCI plugin downloader allows network attackers to exhaust victim dis
OpenBao versions prior to 2.5.3 allow high-privileged administrators in one tenant to revoke or renew authentication tok
OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certifi
Same technique Information Disclosure
View allVendor StatusVendor
Ubuntu
Priority: Medium| Release | Status | Version |
|---|---|---|
| jammy | DNE | - |
| noble | DNE | - |
| oracular | DNE | - |
| upstream | needs-triage | - |
| questing | needs-triage | - |
| plucky | ignored | end of life, was needs-triage |
Debian
Bug #1069794| Release | Status | Fixed Version | Urgency |
|---|---|---|---|
| open | - | - |
SUSE
Severity: Medium| Product | Status |
|---|---|
| SUSE Linux Enterprise Server 16.0 | Fixed |
| openSUSE Tumbleweed | Fixed |
| SUSE Linux Enterprise Server 16.0 | Fixed |
| SUSE Linux Enterprise Server 16.1 | Fixed |
| SUSE Linux Enterprise Server for SAP applications 16.0 | Fixed |
| SUSE Linux Enterprise Server for SAP applications 16.1 | Fixed |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-19112
GHSA-8f5r-8cmq-7fmq