CVE-2025-50200
- Source
- https://cve.org/CVERecord?id=CVE-2025-50200
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-50200.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-50200
- Aliases
-
- BIT-rabbitmq-2025-50200
- GHSA-gh3x-4x42-fvq8
- Downstream
- Related
- Published
- 2025-06-19T16:14:24.919Z
- Modified
- 2026-04-10T05:29:10.927904Z
- Severity
-
- 6.7 (Medium) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- RabbitMQ Node can log Basic Auth header from an HTTP request
- Details
-
RabbitMQ is a messaging and streaming broker. In versions 3.13.7 and prior, RabbitMQ is logging authorization headers in plaintext encoded in base64. When querying RabbitMQ api with HTTP/s with basic authentication it creates logs with all headers in request, including authorization headers which show base64 encoded username:password. This is easy to decode and afterwards could be used to obtain control to the system depending on credentials. This issue has been patched in version 4.0.8.
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/50xxx/CVE-2025-50200.json", "cna_assigner": "GitHub_M", "cwe_ids": [ "CWE-532" ] }- References
Affected packages
Git / github.com/rabbitmq/rabbitmq-server
Affected ranges
- Type
- GIT
- Repo
- https://github.com/rabbitmq/rabbitmq-server
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
Other
rabbitmq_v1_4_0
rabbitmq_v1_5_0
rabbitmq_v1_6_0
rabbitmq_v1_7_0
rabbitmq_v1_7_2
rabbitmq_v1_8_1
rabbitmq_v2_4_0
rabbitmq_v2_7_1
rabbitmq_v2_8_0
rabbitmq_v3_0_0
rabbitmq_v3_0_1
rabbitmq_v3_0_2
rabbitmq_v3_0_3
rabbitmq_v3_0_4
rabbitmq_v3_1_1
rabbitmq_v3_1_2
rabbitmq_v3_1_3
rabbitmq_v3_1_4
rabbitmq_v3_1_5
rabbitmq_v3_2_1
rabbitmq_v3_2_2
rabbitmq_v3_2_3
rabbitmq_v3_2_4
rabbitmq_v3_3_0
rabbitmq_v3_3_1
rabbitmq_v3_3_2
rabbitmq_v3_3_3
rabbitmq_v3_3_4
rabbitmq_v3_3_5
rabbitmq_v3_4_0
rabbitmq_v3_4_1
rabbitmq_v3_4_2
rabbitmq_v3_4_3
rabbitmq_v3_5_0
rabbitmq_v3_6_0
rabbitmq_v3_6_0_milestone1
rabbitmq_v3_6_0_milestone2
rabbitmq_v3_6_0_milestone3
rabbitmq_v3_6_0_rc1
rabbitmq_v3_6_0_rc2
rabbitmq_v3_6_0_rc3
rabbitmq_v3_7_0_milestone1
rabbitmq_v3_7_0_milestone10
rabbitmq_v3_7_0_milestone11
rabbitmq_v3_7_0_milestone12
rabbitmq_v3_7_0_milestone13
rabbitmq_v3_7_0_milestone14
rabbitmq_v3_7_0_milestone15
rabbitmq_v3_7_0_milestone16
rabbitmq_v3_7_0_milestone17
rabbitmq_v3_7_0_milestone18
rabbitmq_v3_7_0_milestone2
rabbitmq_v3_7_0_milestone3
rabbitmq_v3_7_0_milestone4
rabbitmq_v3_7_0_milestone5
rabbitmq_v3_7_0_milestone7
rabbitmq_v3_7_0_milestone8
rabbitmq_v3_7_0_milestone9
v0.*
v0.0.0-beta.1
v3.*
v3.11.0-rc.2
v3.13.0
v3.13.0-beta.1
v3.13.0-beta.2
v3.13.0-beta.3
v3.13.0-beta.4
v3.13.0-beta.5
v3.13.0-beta.6
v3.13.0-rc.1
v3.13.0-rc.2
v3.13.0-rc.3
v3.13.0-rc.4
v3.13.0-rc.5
v3.13.0-rc.6
v3.7.0-beta.19
v3.7.0-beta.20
v3.7.0-rc.1
v3.7.0-rc.2
v3.8.0-beta.1
v3.8.0-beta.2
v3.8.0-beta.3
v3.8.0-beta.4
v3.8.0-beta.5
v3.8.0-beta.6
v3.8.0-beta.7
v3.8.0-rc.1
v3.8.10
v4.*
v4.0.0
v4.0.0-beta.1
v4.0.0-beta.2
v4.0.0-beta.3
v4.0.0-beta.4
v4.0.0-beta.5
v4.0.0-beta.6
v4.0.0-rc.1
v4.0.0-rc.2
v4.0.1
v4.0.2
v4.0.3
v4.0.4
v4.0.5
v4.0.6
v4.0.7