Identity-based Secrets Management Vulnerability in OpenBao System
CVE-2025-62513

5.7 MEDIUM

Key Information:

Vendor: OpenBao
Status: Vendor
CVE Published: 22 October 2025

What is CVE-2025-62513?

OpenBao, an open-source identity-based secrets management solution, contains a vulnerability in its audit logging in versions 2.2.0 through 2.4.1. A regression caused raw HTTP bodies for certain endpoints to escape redaction, so sensitive values such as ACME verification challenge codes and OIDC token response details could be written to the audit logs in clear, compromising confidentiality. Although ACME verification codes have limited usability once they expire, their exposure still represents a risk to users. The issue is fixed in OpenBao version 2.4.2.

Affected Version(s)

openbao >= 2.2.0, < 2.4.2

CVSS v4

Score: 5.7
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: Physical
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • Vulnerability published
  • Vulnerability reserved
