Private Key Exposure in Cloud Foundry UAA Software
CVE-2025-22246

7.5 HIGH

Key Information:

Vendor
CVE Published: 13 May 2025

What is CVE-2025-22246?

Cloud Foundry UAA versions from v77.21.0 to v7.31.0 contain a vulnerability that exposes private keys in system logs. Because sensitive keys are inadvertently logged, this can lead to unauthorized access, a significant risk for users who rely on UAA for authentication and authorization. Organizations using affected versions should assess their exposure and promptly implement the necessary mitigations.

Affected Version(s)

CF deployment any v45.1.0

UAA Any v77.21.0

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
