CVE-2025-57813: traQ Allows Insertion of Sensitive Information into Log File

August 26, 2025

A vulnerability exists where sensitive information, such as OAuth tokens, is recorded in log files when an error occurs during the execution of an SQL query. An attacker could intentionally trigger an SQL error by methods such as placing a high load on the database. This could allow an attacker who has the authority to view the log files to illicitly acquire the recorded sensitive information.

References

github.com/advisories/GHSA-27r7-3m9x-r533
github.com/traPtitech/traQ
github.com/traPtitech/traQ/commit/ce5da94f5d5a8348f9ecdc82140b6f53b3721698
github.com/traPtitech/traQ/pull/2787
github.com/traPtitech/traQ/security/advisories/GHSA-27r7-3m9x-r533
nvd.nist.gov/vuln/detail/CVE-2025-57813

Code Behaviors & Features

Detect and mitigate CVE-2025-57813 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →