Cleartext Storage Vulnerability in Obsidian GitHub Copilot Plugin
CVE-2025-58401
5.1 MEDIUM
What is CVE-2025-58401?
The Obsidian GitHub Copilot Plugin prior to version 1.1.7 stores GitHub API tokens unencrypted, in cleartext. This allows unauthorized users to access linked GitHub accounts and perform malicious actions on them, compromising sensitive data and project security. Users should upgrade to the latest version to protect against potential exploits and safeguard their information.
Affected Version(s)
Obsidian GitHub Copilot Plugin prior to 1.1.7
CVSS V4
Score: 5.1
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None
CVSS V3.0
Score: 6.8
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved