CVE-2025-67745— Myhoard logs backup encryption key in plain text
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-67745
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Myhoard logs backup encryption key in plain text
Source: NVD (National Vulnerability Database)
Vulnerability Description
MyHoard is a daemon for creating, managing and restoring MySQL backups. Starting in version 1.0.1 and prior to version 1.3.0, in some cases, myhoard logs the whole backup info, including the encryption key. Version 1.3.0 fixes the issue. As a workaround, direct logs into /dev/null.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
将私有的资源传输到一个新的空间(资源泄露)
Source: NVD (National Vulnerability Database)
Vulnerability Title
MyHoard 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
MyHoard是Aiven Open开源的一个数据库备份恢复工具。 MyHoard 1.3.0之前版本存在安全漏洞,该漏洞源于日志记录备份信息不当,可能导致加密密钥泄露。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Aiven-Open | myhoard | >= 1.0.1, < 1.3.0 | - |
II. Public POCs for CVE-2025-67745
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-67745
请登录查看更多情报信息。
IV. Related Vulnerabilities
Same vendor: Aiven-Open
V. Comments for CVE-2025-67745
No comments yet