Inclusion of Sensitive Information in Log Files in OpenBao - CVE-2025-52893
Published: October 28, 2025
Vulnerability identifier: #VU117693
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-52893
CWE-ID: CWE-532
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: OpenBao
Affected software:
OpenBao
OpenBao
Detailed vulnerability description
The vulnerability allows a remote user to gain access to sensitive information.
The vulnerability exists due to software stores sensitive information into logs. A remote user can read the log and gain access to sensitive data.
How to mitigate CVE-2025-52893
Install updates from vendor's website.
Sources
- https://github.com/go-viper/mapstructure/commit/ed3f92181528ff776a0324107b8b55026e93766a
- https://github.com/go-viper/mapstructure/pull/105
- https://github.com/go-viper/mapstructure/releases/tag/v2.3.0
- https://github.com/openbao/openbao/commit/cf5e920badbf96b41253534a3fd5ff5063bf4b30
- https://github.com/openbao/openbao/security/advisories/GHSA-8f5r-8cmq-7fmq