VYPR
Moderate severityNVD Advisory· Published May 2, 2025· Updated May 8, 2025

Vault May Include Sensitive Data in Error Logs When Using the KV v2 Plugin

CVE-2025-4166

Description

Vault Community and Vault Enterprise Key/Value (kv) Version 2 plugin may unintentionally expose sensitive information in server and audit logs when users submit malformed payloads during secret creation or update operations via the Vault REST API. This vulnerability, identified as CVE-2025-4166, is fixed in Vault Community 1.19.3 and Vault Enterprise 1.19.3, 1.18.9, 1.17.16, 1.16.20.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/hashicorp/vaultGo
>= 0.3.0, < 1.19.31.19.3

Affected products

17

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.