SB2025102835 - Multiple vulnerabilities in OpenBao



Published: October 28, 2025

Security Bulletin ID: SB2025102835
Severity: Medium
Patch available: YES
Number of vulnerabilities: 7
Exploitation vector: Remote access
Highest impact: Data manipulation

Breakdown by Severity

Medium: 57%, Low: 43%

Description

This security bulletin contains information about 7 security vulnerabilities.


1) Improper privilege management (CVE-ID: CVE-2025-54997)

The vulnerability allows a remote user to escalate privileges within the application.

The vulnerability exists due to improper privilege management within the API. A remote user with privileged API access can perform actions otherwise restricted to their account.


2) Improper Restriction of Excessive Authentication Attempts (CVE-ID: CVE-2025-54998)

The vulnerability allows a remote attacker to bypass the automatic lockout mechanism.

The vulnerability exists due to an error in the OpenBao Userpass and LDAP auth systems. A remote attacker can bypass the automatic user lockout mechanism and perform brute-force attacks.


3) Observable discrepancy (CVE-ID: CVE-2025-54999)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to a timing difference between non-existent users and users with stored credentials when the userpass auth method is used. A remote attacker can enumerate existing application users.


4) Improper authentication (CVE-ID: CVE-2025-55000)

The vulnerability allows a remote user to bypass MFA authentication.

The vulnerability exists due to an error caused by an unexpected normalization in the underlying TOTP library. A remote user can bypass MFA authentication and gain unauthorized access to the application. 


5) Protection Mechanism Failure (CVE-ID: CVE-2025-55001)

The vulnerability allows a remote user to bypass MFA enforcement.

The vulnerability exists due to insufficient implementation of security measures when handling LDAP authentication requests. A remote user can bypass MFA enforcement and gain unauthorized access to the application. 


6) Improper Restriction of Excessive Authentication Attempts (CVE-ID: CVE-2025-55003)

The vulnerability allows a remote attacker to brute-force one time passwords.

The vulnerability exists due to an error caused by normalization applied by the underlying TOTP library, which led to codes containing whitespace being accepted. Such whitespace could bypass the MFA method's internal rate limiting and allow reuse of existing MFA codes.
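Items 4 and 6 describe the same defect class: the TOTP library normalizes its input while the caller's bookkeeping does not. The following Go sketch is an added illustration, not OpenBao's or any TOTP library's code; the six-digit code length, the whitespace-stripping stand-in and the sample code are all constructed assumptions. It shows a used-code check keyed on the raw submitted string accepting a whitespace variant as a fresh code, and the same check rejecting it once input is required to be canonical before any lookup.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Strict shape of an accepted code: exactly six ASCII digits (length assumed).
var canonicalCode = regexp.MustCompile(`^[0-9]{6}$`)

// Constructed stand-in for a TOTP library that strips whitespace before
// comparing, so "123456" and "123456 " both match the expected code.
func libraryValidate(submitted, expected string) bool {
	return strings.ReplaceAll(submitted, " ", "") == expected
}

// Verifier keeps per-code bookkeeping keyed on the string as submitted; the
// same keying problem would affect a per-code rate-limit counter.
type Verifier struct {
	expected string          // code valid for the current period (fixed here)
	used     map[string]bool // codes already consumed this period
	strict   bool            // reject non-canonical input before any lookup
}

// Check accepts a code once. Without the strict check, the key is the raw
// string but the library compares the normalized one, so a whitespace
// variant is a fresh key and the consumed code is accepted again.
func (v *Verifier) Check(code string) bool {
	if v.strict && !canonicalCode.MatchString(code) {
		return false
	}
	if v.used[code] || !libraryValidate(code, v.expected) {
		return false
	}
	v.used[code] = true
	return true
}

// ReplayAccepted submits the valid code, then a whitespace variant of it,
// and reports whether the second submission was accepted.
func ReplayAccepted(strict bool) bool {
	// "123456" is a constructed sample code for the current period.
	v := &Verifier{expected: "123456", used: map[string]bool{}, strict: strict}
	return v.Check("123456") && v.Check("123456 ")
}

func main() {
	fmt.Println("lenient accepts replay:", ReplayAccepted(false)) // true
	fmt.Println("strict accepts replay:", ReplayAccepted(true))   // false
}
```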


7) Improper privilege management (CVE-ID: CVE-2025-54996)

The vulnerability allows a remote user to escalate privileges.

The vulnerability exists due to improper privilege management. A remote user with access to highly-privileged identity entity systems in root namespaces was able to increase their scope directly to the root policy.


Remediation

Install the update from the vendor's website.

References