VYPR
Unrated severityNVD Advisory· Published Jun 19, 2025· Updated Jun 20, 2025

RabbitMQ Node can log Basic Auth header from an HTTP request

CVE-2025-50200

Description

RabbitMQ is a messaging and streaming broker. In versions 3.13.7 and prior, RabbitMQ is logging authorization headers in plaintext encoded in base64. When querying RabbitMQ api with HTTP/s with basic authentication it creates logs with all headers in request, including authorization headers which show base64 encoded username:password. This is easy to decode and afterwards could be used to obtain control to the system depending on credentials. This issue has been patched in version 4.0.8.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

10

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.