CVE-2025-62705

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2025-62705
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-62705.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-62705
Aliases
Published
2025-10-22T21:23:51Z
Modified
2025-10-24T04:21:53.990121Z
Severity
  • 5.7 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N CVSS Calculator
Summary
OpenBao and Vault Leak []byte Fields in Audit Logs
Details

OpenBao is an open source identity-based secrets management system. Prior to version 2.4.2, OpenBao's audit log did not appropriately redact fields when relevant subsystems sent []byte response parameters rather than strings. This includes, but is not limited to sys/raw with use of encoding=base64, all data would be emitted unredacted to the audit log, and Transit, when performing a signing operation with a derived Ed25519 key, would emit public keys to the audit log. This issue has been patched in OpenBao 2.4.2.

Database specific 
{
    "cwe_ids": [
        "CWE-532"
    ]
}
References

Affected packages

Git / github.com/openbao/openbao

Affected ranges

Type
GIT
Repo
https://github.com/openbao/openbao
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
60a60616415dcfb0ac5ab1df63ee027718a369b6

Affected versions

api/auth/approle/v0.*

api/auth/approle/v0.1.0
api/auth/approle/v0.1.1
api/auth/approle/v0.2.0
api/auth/approle/v0.3.0
api/auth/approle/v0.4.0
api/auth/approle/v0.4.1

api/auth/approle/v1.*

api/auth/approle/v1.1.0-development20240408

api/auth/approle/v2.*

api/auth/approle/v2.0.1
api/auth/approle/v2.2.0
api/auth/approle/v2.3.0
api/auth/approle/v2.4.0

api/auth/aws/v0.*

api/auth/aws/v0.1.0
api/auth/aws/v0.2.0
api/auth/aws/v0.3.0
api/auth/aws/v0.4.0
api/auth/aws/v0.4.1

api/auth/aws/v1.*

api/auth/aws/v1.1.0-development20240408

api/auth/azure/v0.*

api/auth/azure/v0.1.0
api/auth/azure/v0.2.0
api/auth/azure/v0.3.0
api/auth/azure/v0.4.0
api/auth/azure/v0.4.1

api/auth/azure/v1.*

api/auth/azure/v1.1.0-development20240408

api/auth/gcp/v0.*

api/auth/gcp/v0.1.0
api/auth/gcp/v0.2.0
api/auth/gcp/v0.3.0
api/auth/gcp/v0.4.0
api/auth/gcp/v0.4.1

api/auth/gcp/v1.*

api/auth/gcp/v1.1.0-development20240408

api/auth/jwt/v2.*

api/auth/jwt/v2.4.0

api/auth/kubernetes/v1.*

api/auth/kubernetes/v1.1.0-development20240408

api/auth/kubernetes/v2.*

api/auth/kubernetes/v2.0.1
api/auth/kubernetes/v2.2.0
api/auth/kubernetes/v2.3.0
api/auth/kubernetes/v2.4.0

api/auth/ldap/v1.*

api/auth/ldap/v1.1.0-development20240408

api/auth/ldap/v2.*

api/auth/ldap/v2.0.1
api/auth/ldap/v2.2.0
api/auth/ldap/v2.3.0
api/auth/ldap/v2.4.0

api/auth/userpass/v0.*

api/auth/userpass/v0.1.0
api/auth/userpass/v0.2.0
api/auth/userpass/v0.3.0
api/auth/userpass/v0.4.0
api/auth/userpass/v0.4.1

api/auth/userpass/v1.*

api/auth/userpass/v1.1.0-development20240408

api/auth/userpass/v2.*

api/auth/userpass/v2.0.1
api/auth/userpass/v2.2.0
api/auth/userpass/v2.3.0
api/auth/userpass/v2.4.0

api/v1.*

api/v1.0.1
api/v1.0.2
api/v1.0.3
api/v1.0.4
api/v1.1.1
api/v1.100.0-development20240408
api/v1.2.0
api/v1.3.1
api/v1.5.0
api/v1.6.0
api/v1.7.0
api/v1.7.1
api/v1.7.2
api/v1.8.0
api/v1.8.1
api/v1.8.2
api/v1.8.3
api/v1.9.0
api/v1.9.1
api/v1.9.2

api/v2.*

api/v2.0.1
api/v2.1.0
api/v2.2.0
api/v2.3.0
api/v2.4.0

Other

before-plugin-removal
dev-namespaces-base-20250215
dev-namespaces-base-20250311
dev-namespaces-base-20250424
fork-point

sdk/v0.*

sdk/v0.1.10
sdk/v0.1.11
sdk/v0.1.12
sdk/v0.1.13
sdk/v0.1.8
sdk/v0.1.9
sdk/v0.2.1
sdk/v0.3.0
sdk/v0.4.1
sdk/v0.5.0
sdk/v0.5.1
sdk/v0.5.3
sdk/v0.6.0
sdk/v0.6.1
sdk/v0.6.2
sdk/v0.7.0
sdk/v0.8.0
sdk/v0.9.0
sdk/v0.9.1

sdk/v1.*

sdk/v1.100.0-development20240408

sdk/v2.*

sdk/v2.0.1
sdk/v2.1.0
sdk/v2.2.0
sdk/v2.3.0
sdk/v2.4.0

v2.*

v2.0.0
v2.0.0-alpha20240329
v2.0.0-beta20240618
v2.1.0-beta20241114
v2.1.0-beta20241114.1
v2.1.0-beta20241114.2
v2.1.0-beta20241114.3
v2.2.0-beta20250213
v2.3.0-beta20250528
v2.4.0
v2.4.1