CVE-2025-28381
- Source
- https://cve.org/CVERecord?id=CVE-2025-28381
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-28381.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-28381
- Published
- 2025-06-13T14:15:20.177Z
- Modified
- 2026-04-10T05:24:25.924247Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
A credential leak in OpenC3 COSMOS before v6.0.2 allows attackers to access service credentials as environment variables stored in all containers.
- References
-
- https://github.com/OpenC3/cosmos/pull/1816/commits/cce64c213fd2e6a70e2ccbf3622949fe8f9dcaef
- https://github.com/OpenC3/cosmos/releases/tag/v6.0.2
- https://openc3.com/
- https://github.com/OpenC3/cosmos/pull/1816
- https://visionspace.com/openc3-cosmos-a-security-assessment-of-an-open-source-mission-framework/
Affected packages
Git / github.com/openc3/cosmos
Affected ranges
- Type
- GIT
- Repo
- https://github.com/openc3/cosmos
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedFixed
- Database specific
{ "versions": [ { "introduced": "0" }, { "last_affected": "6.0.0" }, { "introduced": "0" }, { "last_affected": "6.0.0" } ] }
Affected versions
v3.*
v3.0.0
v3.1.0
v3.1.1
v3.1.2
v3.2.1
v3.3.0
v3.3.1
v3.4.0
v3.4.1
v3.4.2
v3.5.1
v3.6.0
v3.6.1
v3.6.2
v3.7.0
v3.8.0
v3.8.1
v3.8.2
v3.8.3
v3.9.0
v3.9.1
v3.9.2
v4.*
v4.0.0
v4.0.1
v4.0.2
v4.0.3
v4.1.0
v4.1.1
v4.2.3
v4.3.0
v5.*
v5.0.0
v5.0.0-beta.1
v5.0.0.beta2
v5.0.1
v5.0.10
v5.0.11
v5.0.2
v5.0.3
v5.0.4
v5.0.5
v5.0.7
v5.0.8
v5.0.9
v5.1.0
v5.1.1
v5.10.0
v5.10.1
v5.11.0
v5.11.1
v5.11.2
v5.11.3
v5.12.0
v5.13.0
v5.14.0
v5.14.1
v5.14.2
v5.15.0
v5.15.1
v5.15.2
v5.16.0
v5.16.1
v5.16.2
v5.17.0
v5.17.1
v5.18.0
v5.19.0
v5.2.0
v5.20.0
v5.3.0
v5.4.0
v5.4.1
v5.4.2
v5.4.3-beta0
v5.5.0
v5.5.0-beta0
v5.5.1
v5.5.2
v5.5.2-beta0
v5.6.0
v5.6.1
v5.7.0
v5.7.2
v5.8.0
v5.8.1
v5.9.0
v5.9.1
v6.*
v6.0.0
v6.0.1