CVE-2025-62705
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-22

Last updated on: 2025-10-27

Assigner: GitHub, Inc.

Description
OpenBao is an open source identity-based secrets management system. Prior to version 2.4.2, OpenBao's audit log did not appropriately redact fields when relevant subsystems sent []byte response parameters rather than strings. This includes, but is not limited to sys/raw with use of encoding=base64, all data would be emitted unredacted to the audit log, and Transit, when performing a signing operation with a derived Ed25519 key, would emit public keys to the audit log. This issue has been patched in OpenBao 2.4.2.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-22
Last Modified
2025-10-27
Generated
2026-06-16
AI Q&A
2025-10-23
EPSS Evaluated
2026-06-15
NVD
CVE-2025-62705
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
openbao openbao to 2.3.2 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-532 The product writes sensitive information to a log file.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in OpenBao versions prior to 2.4.2 involves the audit log not properly redacting sensitive fields when certain subsystems send byte array response parameters instead of strings. As a result, sensitive data such as base64-encoded raw system data and public keys used in signing operations could be exposed in the audit logs. This issue was fixed in version 2.4.2.

Impact Analysis

The vulnerability can lead to sensitive information leakage through audit logs, exposing data such as raw system data and cryptographic public keys. This exposure could potentially aid attackers in understanding system internals or cryptographic operations, increasing the risk of further attacks or unauthorized access.

Mitigation Strategies

Upgrade OpenBao to version 2.4.2 or later, as this version includes the patch that properly redacts sensitive fields in audit logs to prevent leakage of byte response parameters and public keys.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-62705. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart