CVE-2025-55001

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-55001

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-55001.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-55001

Aliases

Published

2025-08-09T02:01:29.056Z

Modified

2025-12-05T10:20:06.986010Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N CVSS Calculator

Summary

OpenBao LDAP MFA Enforcement Bypass When Using Username As Alias

Details

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 2.3.1 and below, OpenBao allowed the assignment of policies and MFA attribution based upon entity aliases, chosen by the underlying auth method. When the usernameasalias=true parameter in the LDAP auth method was in use, the caller-supplied username was used verbatim without normalization, allowing an attacker to bypass alias-specific MFA requirements. This issue was fixed in version 2.3.2. To work around this, remove all usage of the usernameasalias=true parameter and update any entity aliases accordingly.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/55xxx/CVE-2025-55001.json",
    "cwe_ids": [
        "CWE-156"
    ],
    "cna_assigner": "GitHub_M"
}

References

Affected packages

Git / github.com/openbao/openbao

Affected ranges

Type: GIT
Repo: https://github.com/openbao/openbao
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

b1a68f558c89d18d38fbb8675bb6fc1d90b71e98

Affected versions

api/auth/approle/v0.*

api/auth/approle/v0.1.0

api/auth/approle/v0.1.1

api/auth/approle/v0.2.0

api/auth/approle/v0.3.0

api/auth/approle/v0.4.0

api/auth/approle/v0.4.1

api/auth/approle/v1.*

api/auth/approle/v1.1.0-development20240408

api/auth/approle/v2.*

api/auth/approle/v2.0.1

api/auth/approle/v2.2.0

api/auth/approle/v2.3.0

api/auth/approle/v2.3.1

api/auth/aws/v0.*

api/auth/aws/v0.1.0

api/auth/aws/v0.2.0

api/auth/aws/v0.3.0

api/auth/aws/v0.4.0

api/auth/aws/v0.4.1

api/auth/aws/v1.*

api/auth/aws/v1.1.0-development20240408

api/auth/azure/v0.*

api/auth/azure/v0.1.0

api/auth/azure/v0.2.0

api/auth/azure/v0.3.0

api/auth/azure/v0.4.0

api/auth/azure/v0.4.1

api/auth/azure/v1.*

api/auth/azure/v1.1.0-development20240408

api/auth/gcp/v0.*

api/auth/gcp/v0.1.0

api/auth/gcp/v0.2.0

api/auth/gcp/v0.3.0

api/auth/gcp/v0.4.0

api/auth/gcp/v0.4.1

api/auth/gcp/v1.*

api/auth/gcp/v1.1.0-development20240408

api/auth/kubernetes/v1.*

api/auth/kubernetes/v1.1.0-development20240408

api/auth/kubernetes/v2.*

api/auth/kubernetes/v2.0.1

api/auth/kubernetes/v2.2.0

api/auth/kubernetes/v2.3.0

api/auth/kubernetes/v2.3.1

api/auth/ldap/v1.*

api/auth/ldap/v1.1.0-development20240408

api/auth/ldap/v2.*

api/auth/ldap/v2.0.1

api/auth/ldap/v2.2.0

api/auth/ldap/v2.3.0

api/auth/ldap/v2.3.1

api/auth/userpass/v0.*

api/auth/userpass/v0.1.0

api/auth/userpass/v0.2.0

api/auth/userpass/v0.3.0

api/auth/userpass/v0.4.0

api/auth/userpass/v0.4.1

api/auth/userpass/v1.*

api/auth/userpass/v1.1.0-development20240408

api/auth/userpass/v2.*

api/auth/userpass/v2.0.1

api/auth/userpass/v2.2.0

api/auth/userpass/v2.3.0

api/auth/userpass/v2.3.1

api/v1.*

api/v1.0.1

api/v1.0.2

api/v1.0.3

api/v1.0.4

api/v1.1.1

api/v1.100.0-development20240408

api/v1.2.0

api/v1.3.1

api/v1.5.0

api/v1.6.0

api/v1.7.0

api/v1.7.1

api/v1.7.2

api/v1.8.0

api/v1.8.1

api/v1.8.2

api/v1.8.3

api/v1.9.0

api/v1.9.1

api/v1.9.2

api/v2.*

api/v2.0.1

api/v2.1.0

api/v2.2.0

api/v2.3.0

api/v2.3.1

Other

before-plugin-removal

dev-namespaces-base-20250215

dev-namespaces-base-20250311

dev-namespaces-base-20250424

fork-point

sdk/v0.*

sdk/v0.1.10

sdk/v0.1.11

sdk/v0.1.12

sdk/v0.1.13

sdk/v0.1.8

sdk/v0.1.9

sdk/v0.2.1

sdk/v0.3.0

sdk/v0.4.1

sdk/v0.5.0

sdk/v0.5.1

sdk/v0.5.3

sdk/v0.6.0

sdk/v0.6.1

sdk/v0.6.2

sdk/v0.7.0

sdk/v0.8.0

sdk/v0.9.0

sdk/v0.9.1

sdk/v1.*

sdk/v1.100.0-development20240408

sdk/v2.*

sdk/v2.0.1

sdk/v2.1.0

sdk/v2.2.0

sdk/v2.3.0

sdk/v2.3.1

v2.*

v2.0.0

v2.0.0-alpha20240329

v2.0.0-beta20240618

v2.1.0-beta20241114

v2.1.0-beta20241114.1

v2.1.0-beta20241114.2

v2.1.0-beta20241114.3

v2.2.0-beta20250213

v2.3.0

v2.3.0-beta20250528

v2.3.1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-55001.json"