CVE-2025-62705

Name: CVE-2025-62705
Description: OpenBao is an open source identity-based secrets management system. Prior to version 2.4.2, OpenBao's audit log did not appropriately redact fields when relevant subsystems sent []byte response parameters rather than strings. This includes, but is not limited to, sys/raw with use of encoding=base64, where all data would be emitted unredacted to the audit log, and Transit, which, when performing a signing operation with a derived Ed25519 key, would emit public keys to the audit log. This issue has been patched in OpenBao 2.4.2.
NVD Severity: medium

References

Type URI
CONFIRM https://github.com/openbao/openbao/security/advisories/GHSA-rc54-2g2c-g36g
MISC https://github.com/openbao/openbao/commit/cc2c476bac66e1d94776c2629793daec3af625f8

Match rules

CPE URI Source package Min version Max version
openbao >= 0 < 2.4.2

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
openbao edge-community 2.4.3-r0 Kevin Daudt <kdaudt@alpinelinux.org> fixed
openbao edge-community 2.4.1-r2 Kevin Daudt <kdaudt@alpinelinux.org> possibly vulnerable
openbao edge-community 2.4.1-r1 Kevin Daudt <kdaudt@alpinelinux.org> possibly vulnerable
openbao edge-community 2.4.1-r0 None possibly vulnerable
openbao edge-community 2.3.2-r1 Kevin Daudt <kdaudt@alpinelinux.org> possibly vulnerable
openbao edge-community 2.3.2-r0 Kevin Daudt <kdaudt@alpinelinux.org> possibly vulnerable
openbao edge-community 2.3.1-r1 Kevin Daudt <kdaudt@alpinelinux.org> possibly vulnerable
openbao edge-community 2.3.1-r0 Kevin Daudt <kdaudt@alpinelinux.org> possibly vulnerable
openbao edge-community 2.2.2-r1 Kevin Daudt <kdaudt@alpinelinux.org> possibly vulnerable
openbao edge-community 2.2.2-r0 Kevin Daudt <kdaudt@alpinelinux.org> possibly vulnerable
openbao edge-community 2.2.1-r1 Kevin Daudt <kdaudt@alpinelinux.org> possibly vulnerable
openbao edge-community 2.2.1-r0 Kevin Daudt <kdaudt@alpinelinux.org> possibly vulnerable
openbao edge-community 2.2.0-r2 Kevin Daudt <kdaudt@alpinelinux.org> possibly vulnerable
openbao edge-community 2.2.0-r1 Kevin Daudt <kdaudt@alpinelinux.org> possibly vulnerable
openbao edge-community 2.2.0-r0 Kevin Daudt <kdaudt@alpinelinux.org> possibly vulnerable
openbao edge-community 2.1.0-r2 Kevin Daudt <kdaudt@alpinelinux.org> possibly vulnerable
openbao edge-community 2.1.0-r1 Kevin Daudt <kdaudt@alpinelinux.org> possibly vulnerable
openbao edge-community 2.1.0-r0 Kevin Daudt <kdaudt@alpinelinux.org> possibly vulnerable
openbao 3.22-community 2.4.3-r0 Kevin Daudt <kdaudt@alpinelinux.org> fixed
openbao 3.22-community 2.4.1-r0 None possibly vulnerable
openbao 3.22-community 2.3.2-r0 None possibly vulnerable
openbao 3.22-community 2.3.1-r3 Kevin Daudt <kdaudt@alpinelinux.org> possibly vulnerable
openbao 3.22-community 2.3.1-r2 Kevin Daudt <kdaudt@alpinelinux.org> possibly vulnerable
openbao 3.22-community 2.3.1-r1 Kevin Daudt <kdaudt@alpinelinux.org> possibly vulnerable
openbao 3.22-community 2.3.1-r0 None possibly vulnerable
openbao 3.22-community 2.2.2-r0 None possibly vulnerable
openbao 3.22-community 2.1.0-r5 Kevin Daudt <kdaudt@alpinelinux.org> possibly vulnerable