CVE-2025-52893 OpenBao May Leak Sensitive Information in Logs When Processing Malformed Data

🗓️ 25 Jun 2025 16:54:50Reported by GoogleType

osv

osv🔗 osv.dev👁 5 Views

OpenBao before v2.3.0 may leak sensitive data in logs when processing malformed requests.

Reporter	Title	Published	Views	Family All 24
AlpineLinux	CVE-2025-52893	25 Jun 202516:54	–	alpinelinux
Circl	CVE-2025-52893	25 Jun 202518:06	–	circl
CNNVD	OpenBao 日志信息泄露漏洞	25 Jun 202500:00	–	cnnvd
CNVD	OpenBao Log Information Disclosure Vulnerability	4 Jul 202500:00	–	cnvd
CVE	CVE-2025-52893	25 Jun 202516:54	–	cve
Cvelist	CVE-2025-52893 OpenBao May Leak Sensitive Information in Logs When Processing Malformed Data	25 Jun 202516:54	–	cvelist
EUVD	EUVD-2025-19112	3 Oct 202520:07	–	euvd
Github Security Blog	OpenBao Inserts Sensitive Information into Log File when processing malformed data	26 Jun 202521:25	–	github
NVD	CVE-2025-52893	25 Jun 202517:15	–	nvd
OPENSUSE Linux	openbao-2.3.1-1.1 on GA media (moderate)	5 Jul 202500:00	–	opensuse

Source	Link
discuss	www.discuss.hashicorp.com/t/hcsec-2025-09-vault-may-expose-sensitive-information-in-error-logs-when-processing-malformed-data-with-the-kv-v2-plugin/74717
github	www.github.com/go-viper/mapstructure/releases/tag/v2.3.0
github	www.github.com/CVEProject/cvelistV5/tree/main/cves/2025/52xxx/CVE-2025-52893.json
github	www.github.com/openbao/openbao/security/advisories/GHSA-8f5r-8cmq-7fmq
nvd	www.nvd.nist.gov/vuln/detail/CVE-2025-52893
github	www.github.com/go-viper/mapstructure/commit/ed3f92181528ff776a0324107b8b55026e93766a
github	www.github.com/go-viper/mapstructure/pull/105
github	www.github.com/openbao/openbao/commit/cf5e920badbf96b41253534a3fd5ff5063bf4b30

10 Apr 2026 05:30Current

4.4Medium risk

Vulners AI Score4.4

CVSS 3.14.5

EPSS0.00275

cve-2025-52893 openbao software data leak sensitive information log processing