CVE-2025-52893: OpenBao Inserts Sensitive Information into Log File when processing malformed data
OpenBao before v2.3.0, and HashiCorp Vault up to and including the current v1.19.5, may write sensitive information to log files when processing malformed data: a request whose fields fail to decode yields an error message that embeds the offending input value, and that error is then logged. The upstream fix referenced below is go-viper/mapstructure v2.3.0 (PR 105), which stops decode error messages from echoing the input value; OpenBao v2.3.0 picks it up. This issue is separate from the earlier HCSEC-2025-09 / CVE-2025-4166, which concerned malformed data handled by the KV v2 plugin.
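To make the failure mode concrete, the following is an added example written for this page; it is not OpenBao, Vault or mapstructure code. It uses a deliberately tiny reflection-based decoder as a stand-in for mapstructure, with the `echoValue` switch selecting between an error format modelled on the pre-v2.3.0 message (assumption: that message embedded the raw value) and the hardened form that reports only the field and types. The `Credentials` type, the `map` struct tag and the input map are constructed for the demonstration.

```go
package main

import (
	"fmt"
	"reflect"
	"strings"
)

// Credentials is a constructed target type standing in for a request body
// that a secrets engine decodes from a parsed JSON map.
type Credentials struct {
	Username string `map:"username"`
	TTL      int    `map:"ttl"`
}

// Decode copies keys from in into the struct pointed to by out, matching on
// the `map` struct tag. It is a toy stand-in for a reflection-based decoder
// such as mapstructure; the only behaviour that matters here is what goes
// into the error on a type mismatch.
//
// echoValue=true embeds the raw input value in the error (the pre-fix
// pattern the advisory describes, as assumed here); echoValue=false reports
// only the field name and the expected and actual types.
func Decode(in map[string]any, out any, echoValue bool) error {
	rv := reflect.ValueOf(out)
	if rv.Kind() != reflect.Ptr || rv.Elem().Kind() != reflect.Struct {
		return fmt.Errorf("decode: out must be a pointer to a struct, got %T", out)
	}
	sv := rv.Elem()
	st := sv.Type()
	for i := 0; i < st.NumField(); i++ {
		f := st.Field(i)
		key := f.Tag.Get("map")
		if key == "" {
			key = strings.ToLower(f.Name)
		}
		src, ok := in[key]
		if !ok {
			continue
		}
		srcVal := reflect.ValueOf(src)
		if !srcVal.IsValid() || !srcVal.Type().AssignableTo(f.Type) {
			gotType := "nil"
			if srcVal.IsValid() {
				gotType = srcVal.Type().String()
			}
			if echoValue {
				// Vulnerable: whatever the caller sent under this key is now
				// part of the error string, and of any log line that prints it.
				return fmt.Errorf("'%s' expected type '%s', got unconvertible type '%s', value: '%v'",
					key, f.Type, gotType, src)
			}
			// Hardened: field and types only; the value never reaches the error.
			return fmt.Errorf("'%s' expected type '%s', got unconvertible type '%s'",
				key, f.Type, gotType)
		}
		sv.Field(i).Set(srcVal)
	}
	return nil
}

// LogLine renders the error the way a request handler typically logs it.
func LogLine(err error) string {
	return fmt.Sprintf("[ERROR] failed to decode request body: %v", err)
}

// LeaksSecret decodes in into Credentials and reports whether the resulting
// log line contains secret. It is the check a reviewer would run against a
// decoder's error path.
func LeaksSecret(in map[string]any, secret string, echoValue bool) bool {
	var c Credentials
	err := Decode(in, &c, echoValue)
	if err == nil {
		return false
	}
	return strings.Contains(LogLine(err), secret)
}

func main() {
	// Constructed input: a client mis-files its password under "ttl", which
	// the struct expects as an int. Decoding fails either way; only the
	// error text differs.
	in := map[string]any{"username": "alice", "ttl": "hunter2"}
	for _, echo := range []bool{true, false} {
		var c Credentials
		err := Decode(in, &c, echo)
		fmt.Printf("echoValue=%-5v -> %s\n", echo, LogLine(err))
	}
}
```

Run it and the first line carries `hunter2` into the log while the second does not. The same check, applied to a real decoder, is to feed a type-mismatched value that is unique and searchable, then grep the emitted logs for it.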
References
- discuss.hashicorp.com/t/hcsec-2025-09-vault-may-expose-sensitive-information-in-error-logs-when-processing-malformed-data-with-the-kv-v2-plugin/74717
- github.com/advisories/GHSA-8f5r-8cmq-7fmq
- github.com/go-viper/mapstructure/commit/ed3f92181528ff776a0324107b8b55026e93766a
- github.com/go-viper/mapstructure/pull/105
- github.com/go-viper/mapstructure/releases/tag/v2.3.0
- github.com/openbao/openbao/commit/cf5e920badbf96b41253534a3fd5ff5063bf4b30
- github.com/openbao/openbao/security/advisories/GHSA-8f5r-8cmq-7fmq
- nvd.nist.gov/vuln/detail/CVE-2025-52893