Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-62705— OpenBao and Vault Leak []byte Fields in Audit Logs

EPSS 0.04% · P13
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2025-62705

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
OpenBao and Vault Leak []byte Fields in Audit Logs
Source: NVD (National Vulnerability Database)
Vulnerability Description
OpenBao is an open source identity-based secrets management system. Prior to version 2.4.2, OpenBao's audit log did not appropriately redact fields when relevant subsystems sent []byte response parameters rather than strings. This includes, but is not limited to sys/raw with use of encoding=base64, all data would be emitted unredacted to the audit log, and Transit, when performing a signing operation with a derived Ed25519 key, would emit public keys to the audit log. This issue has been patched in OpenBao 2.4.2.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
通过日志文件的信息暴露
Source: NVD (National Vulnerability Database)
Vulnerability Title
OpenBao 日志信息泄露漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
OpenBao是OpenBao开源的一个敏感数据管理软件。 OpenBao 2.4.2之前版本存在日志信息泄露漏洞,该漏洞源于审计日志未正确编辑字节数组响应参数,可能导致敏感数据泄露。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
openbaoopenbao < 2.4.2 -

II. Public POCs for CVE-2025-62705

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2025-62705

登录查看更多情报信息。

IV. Related Vulnerabilities

Same product: openbao
Same vendor: openbao
Same weakness: CWE-532

V. Comments for CVE-2025-62705

No comments yet

Leave a comment