Privilege Escalation Vulnerability in OpenBao by OpenBao
CVE-2025-54996
What is CVE-2025-54996?
OpenBao, a tool for managing sensitive data such as secrets and keys, contains a flaw that allows highly-privileged accounts to extend their access to the root policy within the root namespace. In versions 2.3.1 and earlier, such accounts can add arbitrary policies, including capability grants to paths they should not be able to reach. The root policy was intended to be manageable only through specific keys; this flaw undermines that protection and may enable unauthorized access to and manipulation of sensitive data. Version 2.3.2 fixes the issue. As an immediate workaround, adding denied_parameters to the affected policies can mitigate the risk.
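The following OpenBao ACL policy is an added example of the denied_parameters workaround; it is not taken from the advisory or from the OpenBao project. The advisory text here does not name the affected endpoint or parameter, so the example assumes a delegated "policy administrator" policy that may manage ACL policies, identity entities and groups, and tokens, and it uses the standard OpenBao/Vault paths for those endpoints (sys/policies/acl, identity/entity, identity/group, auth/token/create). It refuses any request whose "policies" parameter contains "root" and explicitly denies writes to the root policy's own path; which of these paths the CVE actually concerns is an assumption.

```hcl
# Added example, not from the advisory or the OpenBao project.
# Assumption: a delegated policy-administration role that must never be
# able to reach the root policy. Paths are standard OpenBao/Vault paths;
# the page does not state which endpoint the CVE involves.

# May create, read, update, delete and list named ACL policies ...
path "sys/policies/acl/*" {
  capabilities = ["create", "read", "update", "delete", "list"]
}

# ... but never the root policy itself. The explicit deny on the more
# specific path takes precedence over the wildcard grant above.
path "sys/policies/acl/root" {
  capabilities = ["deny"]
}

# Identity administration: entities and groups may be created and updated,
# but a request whose "policies" parameter lists "root" is rejected.
path "identity/entity" {
  capabilities = ["create", "update"]
  denied_parameters = {
    "policies" = ["root"]
  }
}

path "identity/entity/*" {
  capabilities = ["create", "update"]
  denied_parameters = {
    "policies" = ["root"]
  }
}

path "identity/group" {
  capabilities = ["create", "update"]
  denied_parameters = {
    "policies" = ["root"]
  }
}

path "identity/group/*" {
  capabilities = ["create", "update"]
  denied_parameters = {
    "policies" = ["root"]
  }
}

# Token creation: the same restriction on the "policies" parameter.
path "auth/token/create" {
  capabilities = ["create", "update"]
  denied_parameters = {
    "policies" = ["root"]
  }
}
```

Load it with "bao policy write policy-admin policy-admin.hcl" and confirm the effect with "bao token capabilities <token> sys/policies/acl/root", which should report "deny" for a token carrying only this policy. denied_parameters is evaluated against the parameters of each request, so every policy that grants write access to an endpoint accepting a policies value needs the same restriction; it reduces exposure on 2.3.1 and earlier but does not replace upgrading to 2.3.2.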