Description

traQ is a messenger application built for Digital Creators Club traP. Prior to version 3.25.0, a vulnerability exists where sensitive information, such as OAuth tokens, are recorded in log files when an error occurs during the execution of an SQL query. An attacker could intentionally trigger an SQL error by methods such as placing a high load on the database. This could allow an attacker who has the authority to view the log files to illicitly acquire the recorded sensitive information. This vulnerability has been patched in version 3.25.0. If upgrading is not possible, a temporary workaround involves reviewing access permissions for SQL error logs and strictly limiting access to prevent unauthorized users from viewing them.

INFO

Published Date :

2025-08-26T16:06:41.220Z

Last Modified :

2025-08-26T20:37:52.226Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-57813 vulnerability.

Vendors Products
Traq
  • Traq
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-57813.

URL Resource
https://github.com/traPtitech/traQ/commit/ce5da94f5d5a8348f9ecdc82140b6f53b3721698 cve-icon cve-icon
https://github.com/traPtitech/traQ/pull/2787 cve-icon cve-icon
https://github.com/traPtitech/traQ/security/advisories/GHSA-27r7-3m9x-r533 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact