Skip to main content

Openbao CVE-2025-54996

HIGH
Improper Privilege Management (CWE-269)
2025-08-09 security-advisories@github.com
7.2
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
7.2 HIGH
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
SUSE
HIGH
qualitative

Primary rating from GitHub Advisory.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
Analysis Generated
Mar 28, 2026 - 19:06 vuln.today
CVE Published
Aug 09, 2025 - 02:15 nvd
HIGH 7.2

DescriptionGitHub Advisory

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 2.3.1 and below, accounts with access to highly-privileged identity entity systems in root namespaces were able to increase their scope directly to the root policy. While the identity system allowed adding arbitrary policies, which in turn could contain capability grants on arbitrary paths, the root policy was restricted to manual generation using unseal or recovery key shares. The global root policy was not accessible from child namespaces. This issue is fixed in version 2.3.2. To workaround this vulnerability, use of denied_parameters in any policy which has access to the affected identity endpoints (on identity entities) may be sufficient to prohibit this type of attack.

AnalysisAI

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Improper Privilege Management (CWE-269), which allows attackers to escalate privileges to gain unauthorized elevated access. OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 2.3.1 and below, accounts with access to highly-privileged identity entity systems in root namespaces were able to increase their scope directly to the root policy. While the identity system allowed adding arbitrary policies, which in turn could contain capability grants on arbitrary paths, the root policy was restricted to manual generation using unseal or recovery key shares. The global root policy was not accessible from child namespaces. This issue is fixed in version 2.3.2. To workaround this vulnerability, use of denied_parameters in any policy which has access to the affected identity endpoints (on identity entities) may be sufficient to prohibit this type of attack. Affected products include: Openbao. Version information: version 2.3.2..

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply principle of least privilege, validate privilege transitions, implement proper role separation.

CVE-2024-2048 CRITICAL
9.8 Mar 04

Vault and Vault Enterprise (“Vault”) TLS certificate auth method did not correctly validate client certificates when con

CVE-2025-54997 CRITICAL
9.1 Aug 09

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certifi

CVE-2024-7594 HIGH
8.8 Sep 26

Vault’s SSH secrets engine did not require the valid_principals list to contain a value by default. Rated high severity

CVE-2025-52894 HIGH
7.5 Jun 25

OpenBao versions before 2.3.0 contain an unauthenticated denial-of-service vulnerability in the root rekey and recovery

CVE-2025-64761 HIGH
7.5 Nov 25

OpenBao is an open source identity-based secrets management system. Rated high severity (CVSS 7.5), this vulnerability i

CVE-2024-8185 HIGH
7.5 Oct 31

Vault Community and Vault Enterprise (“Vault”) clusters using Vault’s Integrated Storage backend are vulnerable to a den

CVE-2024-9180 HIGH
7.2 Oct 10

A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or

CVE-2025-54998 MEDIUM
5.3 Aug 09

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certifi

CVE-2025-4166 MEDIUM
4.5 May 02

Vault Community and Vault Enterprise Key/Value (kv) Version 2 plugin may unintentionally expose sensitive information in

CVE-2025-52893 MEDIUM
4.5 Jun 25

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certifi

CVE-2026-39396 LOW
3.1 Apr 21

Disk exhaustion via decompression bomb in OpenBao's OCI plugin downloader allows network attackers to exhaust victim dis

CVE-2026-40264 LOW
2.0 Apr 21

OpenBao versions prior to 2.5.3 allow high-privileged administrators in one tenant to revoke or renew authentication tok

Vendor StatusVendor

SUSE

Severity: High
Product Status
Container suse/sl-micro/6.0/base-os-container:latest Image SL-Micro Image SLE-Micro Image SLE-Micro-EC2 Affected
Container suse/sl-micro/6.0/toolbox:latest Affected
SUSE Linux Enterprise Server 16.0 Fixed
openSUSE Tumbleweed Fixed
SUSE Linux Enterprise Server 16.0 Fixed

Share

CVE-2025-54996 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy