CVE-2025-52893

🗓️ 25 Jun 2025 16:54:50Reported by GitHub_MType

cve🔗 web.nvd.nist.gov📰️ 1 Media mentions👁 25 Views

OpenBao before v2.3.0 leaks sensitive information in logs when processing malformed data.

Reporter	Title	Published	Views	Family All 24
AlpineLinux	CVE-2025-52893	25 Jun 202516:54	–	alpinelinux
Circl	CVE-2025-52893	25 Jun 202518:06	–	circl
CNNVD	OpenBao 日志信息泄露漏洞	25 Jun 202500:00	–	cnnvd
CNVD	OpenBao Log Information Disclosure Vulnerability	4 Jul 202500:00	–	cnvd
Cvelist	CVE-2025-52893 OpenBao May Leak Sensitive Information in Logs When Processing Malformed Data	25 Jun 202516:54	–	cvelist
EUVD	EUVD-2025-19112	3 Oct 202520:07	–	euvd
Github Security Blog	OpenBao Inserts Sensitive Information into Log File when processing malformed data	26 Jun 202521:25	–	github
NVD	CVE-2025-52893	25 Jun 202517:15	–	nvd
OPENSUSE Linux	openbao-2.3.1-1.1 on GA media (moderate)	5 Jul 202500:00	–	opensuse
OSV	CVE-2025-52893 OpenBao May Leak Sensitive Information in Logs When Processing Malformed Data	25 Jun 202516:54	–	osv

NVD

Vulners

Node

openbao openbaoRange<2.3.0

[
  {
    "vendor": "openbao",
    "product": "openbao",
    "versions": [
      {
        "version": "< 2.3.0",
        "status": "affected"
      }
    ]
  }
]

Source	Link
github	www.github.com/go-viper/mapstructure/pull/105
github	www.github.com/go-viper/mapstructure/releases/tag/v2.3.0
github	www.github.com/openbao/openbao/security/advisories/GHSA-8f5r-8cmq-7fmq
github	www.github.com/go-viper/mapstructure/commit/ed3f92181528ff776a0324107b8b55026e93766a
github	www.github.com/openbao/openbao/commit/cf5e920badbf96b41253534a3fd5ff5063bf4b30
discuss	www.discuss.hashicorp.com/t/hcsec-2025-09-vault-may-expose-sensitive-information-in-error-logs-when-processing-malformed-data-with-the-kv-v2-plugin/74717

12 Aug 2025 20:53Current

6.1Medium risk

Vulners AI Score6.1

CVSS 3.14.5

EPSS0.00069

SSVC

CWE-532