Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-62705

OpenBao is an open source identity-based secrets management system. Prior to version 2.4.2, OpenBao's audit log did not appropriately redact fields when relevant subsystems sent []byte response parameters rather than strings. This includes, but is not limited to sys/raw with use of encoding=base64, all data would be emitted unredacted to the audit log, and Transit, when performing a signing operation with a derived Ed25519 key, would emit public keys to the audit log. This issue has been patched in OpenBao 2.4.2.

Published

2025-10-22T22:15:35.420

Last Modified

2025-10-27T20:27:05.360

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 4.9 (MEDIUM)

Weaknesses

Type: Secondary
CWE-532

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	openbao	openbao	< 2.4.2	Yes

References

https://github.com/openbao/openbao/commit/cc2c476bac66e1d94776c2629793daec3af625f8 Patch ([email protected])
https://github.com/openbao/openbao/security/advisories/GHSA-rc54-2g2c-g36g Patch, Vendor Advisory ([email protected])