CVE-2025-62705
BaseFortify
Publication date: 2025-10-22
Last updated on: 2025-10-27
Assigner: GitHub, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| openbao | openbao | to 2.3.2 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-532 | The product writes sensitive information to a log file. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in OpenBao versions prior to 2.4.2 involves the audit log not properly redacting sensitive fields when certain subsystems send byte array response parameters instead of strings. As a result, sensitive data such as base64-encoded raw system data and public keys used in signing operations could be exposed in the audit logs. This issue was fixed in version 2.4.2.
How can this vulnerability impact me?
The vulnerability can lead to sensitive information leaking through audit logs, exposing data such as raw system data and cryptographic public keys. This exposure could aid attackers in understanding system internals or cryptographic operations, increasing the risk of further attacks or unauthorized access.
What immediate steps should I take to mitigate this vulnerability?
Upgrade OpenBao to version 2.4.2 or later, as this version includes the patch that properly redacts sensitive fields in audit logs to prevent leakage of byte response parameters and public keys.