Sensitive Information Exposure in Snyk CLI Debug Logs
CVE-2025-6624

2.4LOW

Key Information:

Vendor: Snyk
Status: Snyk
Vendor: CVE Published:; 26 June 2025

What is CVE-2025-6624?

Certain versions of Snyk CLI are vulnerable to the exposure of sensitive information through local debug logs. In DEBUG or TRACE mode, critical authentication credentials can be inadvertently recorded. This occurs during operations with specific Snyk commands such as snyk container test and snyk auth, where user credentials set in environment variables or command line arguments might be logged. Further, executing snyk iac test with custom rules and debug enabled could also expose sensitive tokens. Ensuring the latest version is used and minimizing debug mode for sensitive operations is essential to mitigate these risks.

Affected Version(s)

snyk 0 < 1.1297.3

References

https://security.snyk.io/vuln/SNYK-JS-SNYK-10497607

https://github.com/snyk/cli/commit/38322f377da7e5f1391e1f...

https://github.com/snyk/cli/releases/tag/v1.1297.3

CVSS V4

Score:

2.4

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

High

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 26, 2025
Vulnerability Reserved
Jun 25, 2025

Credit

Snyk Research Team