Description

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. OpenBao before v2.3.0 may leak sensitive information in logs when processing malformed data. This is separate from the earlier HCSEC-2025-09 / CVE-2025-4166. This issue has been fixed in OpenBao v2.3.0 and later. Like with HCSEC-2025-09, there is no known workaround except to ensure properly formatted requests from all clients.

INFO

Published Date :

2025-06-25T16:54:50.262Z

Last Modified :

2025-06-25T20:39:04.734Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-52893 vulnerability.

Vendors Products
Openbao
  • Openbao
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-52893.

URL Resource
https://discuss.hashicorp.com/t/hcsec-2025-09-vault-may-expose-sensitive-information-in-error-logs-when-processing-malformed-data-with-the-kv-v2-plugin/74717 cve-icon cve-icon
https://github.com/go-viper/mapstructure/commit/ed3f92181528ff776a0324107b8b55026e93766a cve-icon cve-icon
https://github.com/go-viper/mapstructure/pull/105 cve-icon cve-icon
https://github.com/go-viper/mapstructure/releases/tag/v2.3.0 cve-icon cve-icon
https://github.com/openbao/openbao/commit/cf5e920badbf96b41253534a3fd5ff5063bf4b30 cve-icon cve-icon
https://github.com/openbao/openbao/security/advisories/GHSA-8f5r-8cmq-7fmq cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact