OpenBao Audit Log Data Exposure in Secrets Management System
CVE-2025-62705

5.7 MEDIUM

Key Information:

Vendor

Openbao

Status
Vendor
CVE Published:
22 October 2025

What is CVE-2025-62705?

OpenBao is an open source identity-based secrets management system. Prior to version 2.4.2, its audit logging mechanism had a vulnerability: when certain subsystems sent []byte response parameters instead of strings, sensitive data was logged unredacted. For example, operations involving sys/raw with base64 encoding, as well as Transit signing processes using derived Ed25519 keys, could allow public keys and other sensitive materials to appear in the audit log. This flaw has been resolved in OpenBao 2.4.2.
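The failure mode described above, as an added Go sketch that is not OpenBao's code: a simplified audit redactor that hashes only string values, so a []byte value falls through and is serialized by encoding/json as reversible base64, shown next to the variant that also hashes []byte. The names redact, exposed and hmacHex, the use of HMAC-SHA256 as the redaction step, and the salt and sample bytes are assumptions made for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

// Constructed values; this is a simplified model, not OpenBao source.
var salt, sample = []byte("constructed-audit-salt"), []byte("constructed-key-material")

func hmacHex(b []byte) string {
	m := hmac.New(sha256.New, salt)
	m.Write(b)
	return fmt.Sprintf("hmac-sha256:%x", m.Sum(nil))
}

// redact hashes response values before logging; handleBytes=false models the flaw class.
func redact(in map[string]any, handleBytes bool) map[string]any {
	out := make(map[string]any, len(in))
	for k, v := range in {
		out[k] = v // unhandled types pass through, including []byte in the flawed path
		switch t := v.(type) {
		case string:
			out[k] = hmacHex([]byte(t))
		case []byte:
			if handleBytes {
				out[k] = hmacHex(t)
			}
		case map[string]any:
			out[k] = redact(t, handleBytes)
		}
	}
	return out
}

// exposed reports whether the JSON audit entry still carries v as base64.
func exposed(resp map[string]any, handleBytes bool, v []byte) bool {
	line, _ := json.Marshal(redact(resp, handleBytes))
	return strings.Contains(string(line), base64.StdEncoding.EncodeToString(v))
}

func main() {
	resp := map[string]any{"data": map[string]any{"value": sample, "name": "k1"}}
	fmt.Println(exposed(resp, false, sample), exposed(resp, true, sample)) // true false
}
```

The same substring check can be pointed at existing audit log files from versions before 2.4.2 to find entries that need to be treated as containing unredacted material.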

Affected Version(s)

openbao < 2.4.2

References

CVSS V4

Score:
5.7
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved
