VYPR
Moderate severity · NVD Advisory · Published Jun 25, 2025 · Updated Jun 25, 2025

OpenBao May Leak Sensitive Information in Logs When Processing Malformed Data

CVE-2025-52893

Description

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. OpenBao before v2.3.0 may leak sensitive information in logs when processing malformed data. This is separate from the earlier HCSEC-2025-09 / CVE-2025-4166. This issue has been fixed in OpenBao v2.3.0 and later. As with HCSEC-2025-09, there is no known workaround other than ensuring that all clients send properly formatted requests.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package: github.com/openbao/openbao/sdk/v2 (Go)
Affected versions: < 2.3.0
Patched versions: 2.3.0
