Privilege Escalation

OpenBao is vulnerable to Privilege Escalation. The vulnerability is due to improper access control in the identity group subsystem, which allows a privileged operator to assign root policies to group identities and escalate permissions...

CVE-2025-64761

OpenBao is an open source identity-based secrets management system. Prior to version 2.4.4, a privileged operator could use the identity group subsystem to add a root policy to a group identity group, escalating their or another user's permissions in the system. Specifically this is an issue when...

CVE-2025-64761 OpenBao Privileged Operator Identity Group Root Escalation

OpenBao is an open source identity-based secrets management system. Prior to version 2.4.4, a privileged operator could use the identity group subsystem to add a root policy to a group identity group, escalating their or another user's permissions in the system. Specifically this is an issue when...

CVE-2025-64761

OpenBao Open Source Secrets Management (OpenBao) is affected by CVE-2025-64761 prior to version 2.4.4. A privileged operator in the root namespace could abuse the identity group subsystem to add a root policy to a group, escalating permissions. Alternatively, an operator with policy access could ...

EUVD-2025-198991

OpenBao is an open source identity-based secrets management system. Prior to version 2.4.4, a privileged operator could use the identity group subsystem to add a root policy to a group identity group, escalating their or another user's permissions in the system. Specifically this is an issue when...

OpenBao 安全漏洞

OpenBao is an OpenBao open source sensitive data management software. A security vulnerability exists in OpenBao versions prior to 2.4.4, which stems from an improper assignment of privileges in the Identity Group subsystem, which could lead to elevated privileges...