CVE-2025-67745

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-67745

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-67745.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-67745

Aliases

GHSA-v42r-6hr9-4hcr

Published

2025-12-18T18:37:50.466Z

Modified

2026-03-01T02:55:04.264115Z

Severity

7.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N CVSS Calculator

Summary

Myhoard logs backup encryption key in plain text

Details

MyHoard is a daemon for creating, managing and restoring MySQL backups. Starting in version 1.0.1 and prior to version 1.3.0, in some cases, myhoard logs the whole backup info, including the encryption key. Version 1.3.0 fixes the issue. As a workaround, direct logs into /dev/null.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/67xxx/CVE-2025-67745.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-402"
    ]
}

References

Affected packages

Git / github.com/aiven-open/myhoard

Affected ranges

Type: GIT
Repo: https://github.com/aiven-open/myhoard
Events: Introduced

653c0f9ed7cdbe0a0c5662ca6b07b02e0f88f516

Fixed

e298528e0937a4582028a6ad9aedb93370418c74

Affected versions

1.*

1.0.1

1.0.2

1.0.3

1.0.4

1.0.5

1.0.6

1.0.7

1.1.0

1.1.1

1.1.10

1.1.2

1.1.3

1.1.4

1.1.5

1.1.6

1.1.7

1.1.8

1.1.9

1.2.0

1.2.1

1.2.2

1.2.3

1.2.4

1.2.5

1.2.6

1.2.7

1.2.8

1.2.9

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-67745.json"