Sensitive Data Exposure in MyHoard Backup Daemon from Aiven
CVE-2025-67745

7.1HIGH

Key Information:

Vendor: Aiven-open
Status: Myhoard
Vendor: CVE Published:; 18 December 2025

What is CVE-2025-67745?

MyHoard, a backup daemon used for managing MySQL backups, has a vulnerability where it logs entire backup information, including sensitive encryption keys, in versions from 1.0.1 to 1.2.9. This creates a potential risk of unauthorized access to critical data. The issue is resolved in version 1.3.0, and as a temporary fix, users can redirect logs to /dev/null to prevent exposure.

Affected Version(s)

myhoard >= 1.0.1, < 1.3.0

References

https://github.com/Aiven-Open/myhoard/security/advisories...

x_refsource_CONFIRM

https://github.com/Aiven-Open/myhoard/commit/fac89793bfc8...

x_refsource_MISC

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 18, 2025
Vulnerability Reserved
Dec 11, 2025

CVE-2025-67745 Data

JSON

Aiven-open

What is CVE-2025-67745?

Affected Version(s)

References

CVSS V3.1

Timeline