OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. OpenBao before v2.3.0 may leak sensitive information in logs when processing malformed data. This is separate from the earlier HCSEC-2025-09 / CVE-2025-4166. This issue has been fixed in OpenBao v2.3.0 and later. As with HCSEC-2025-09, there is no known workaround except to ensure properly formatted requests from all clients.
History
12 Aug 2025, 20:53
| Type | Values Removed | Values Added | 
|---|---|---|
| First Time | Openbao Openbao openbao | |
| References | () https://discuss.hashicorp.com/t/hcsec-2025-09-vault-may-expose-sensitive-information-in-error-logs-when-processing-malformed-data-with-the-kv-v2-plugin/74717 - Not Applicable | |
| References | () https://github.com/go-viper/mapstructure/commit/ed3f92181528ff776a0324107b8b55026e93766a - Not Applicable | |
| References | () https://github.com/go-viper/mapstructure/pull/105 - Not Applicable | |
| References | () https://github.com/go-viper/mapstructure/releases/tag/v2.3.0 - Not Applicable | |
| References | () https://github.com/openbao/openbao/commit/cf5e920badbf96b41253534a3fd5ff5063bf4b30 - Patch | |
| References | () https://github.com/openbao/openbao/security/advisories/GHSA-8f5r-8cmq-7fmq - Vendor Advisory | |
| CPE | cpe:2.3:a:openbao:openbao:*:*:*:*:*:*:*:* | |
26 Jun 2025, 18:57
| Type | Values Removed | Values Added | 
|---|---|---|
| Summary | | |
25 Jun 2025, 17:15
| Type | Values Removed | Values Added | 
|---|---|---|
| New CVE | | |
Information
Published : 2025-06-25 17:15
Updated : 2025-08-12 20:53
NVD link : CVE-2025-52893
Mitre link : CVE-2025-52893
CVE.ORG link : CVE-2025-52893
Products Affected
openbao
- openbao
CWE
CWE-532: Insertion of Sensitive Information into Log File
