PT-2025-18795 · Hashicorp +1 · Vault Community +3

🗓️ 02 May 2025 00:00:00Reported by Positive TechnologiesType

ptsecurity

ptsecurity🔗 dbugs.ptsecurity.com👁 1 Views

Vault versions before 1.19.3 may expose sensitive data in logs from malformed payloads.

Reporter	Title	Published	Views	Family All 28
AlpineLinux	CVE-2025-4166	2 May 202514:57	–	alpinelinux
Chainguard	CVE-2025-4166 vulnerabilities	4 May 202513:14	–	cgr
Circl	CVE-2025-4166	2 May 202515:17	–	circl
CNNVD	HashiCorp Vault Enterprise和HashiCorp Vault Community 安全漏洞	2 May 202500:00	–	cnnvd
CVE	CVE-2025-4166	2 May 202514:57	–	cve
Cvelist	CVE-2025-4166 Vault May Include Sensitive Data in Error Logs When Using the KV v2 Plugin	2 May 202514:57	–	cvelist
EUVD	EUVD-2025-13240	3 Oct 202520:07	–	euvd
Github Security Blog	Hashicorp Vault Community vulnerable to Generation of Error Message Containing Sensitive Information	2 May 202515:31	–	github
NVD	CVE-2025-4166	2 May 202515:15	–	nvd
OPENSUSE Linux	govulncheck-vulndb-0.0.20250506T153719-1.1 on GA media (moderate)	8 May 202500:00	–	opensuse

Source	Link
bdu	www.bdu.fstec.ru/vul/2025-06973
osv	www.osv.dev/vulnerability/BIT-vault-2025-4166
osv	www.osv.dev/vulnerability/GO-2025-3663
osv	www.osv.dev/vulnerability/GHSA-gcqf-f89c-68hv
nvd	www.nvd.nist.gov/vuln/detail/CVE-2025-4166
osv	www.osv.dev/vulnerability/CVE-2025-4166
discuss	www.discuss.hashicorp.com/t/hcsec-2025-09-vault-may-expose-sensitive-information-in-error-logs-when-processing-malformed-data-with-the-kv-v2-plugin
github	www.github.com/hashicorp/vault
twitter	www.twitter.com/dailycve/status/1918855667286147392
github	www.github.com/advisories/GHSA-gcqf-f89c-68hv

12 Aug 2025 00:00Current

4.4Medium risk

Vulners AI Score4.4

CVSS 27.8

CVSS 3.14.5 - 6.5

EPSS0.00146

SSVC

vault community version vault enterprise version key value plugin sensitive information rest api access