CVE-2025-4166

Vault Community and Vault Enterprise Key/Value kv Version 2 plugin may unintentionally expose sensitive information in server and audit logs when users submit malformed payloads during secret creation or update operations via the Vault REST API. This vulnerability, identified as CVE-2025-4166, is...

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure when validating malformed payloads in the Validate function used by the KV v2 plugin. If payloads containing secrets are sent in creation or update requests to the REST API and caught by the validator, their content...

CVE-2025-4166

CVE-2025-4166 affects Vault Community and Vault Enterprise KV v2 plugin. When handling malformed payloads during secret create/update via the Vault REST API, servers/audit logs may leak sensitive information due to error message content. The issue is fixed in Vault Community 1.19.3 and Vault Ente...

PT-2025-18795 · Hashicorp +1 · Vault Community +3

Name of the Vulnerable Software and Affected Versions: Vault Community versions prior to 1.19.3 Vault Enterprise versions prior to 1.19.3, 1.18.9, 1.17.16, 1.16.20 Description: The Key/Value kv Version 2 plugin in Vault Community and Vault Enterprise may unintentionally expose sensitive informati...