2405944 – (CVE-2025-62705) CVE-2025-62705 openbao: OpenBao and Vault Leak []byte Fields in Audit Logs

Bug 2405944 (CVE-2025-62705) - CVE-2025-62705 openbao: OpenBao and Vault Leak []byte Fields in Audit Logs

Summary: CVE-2025-62705 openbao: OpenBao and Vault Leak []byte Fields in Audit Logs

Keywords:
Status:	NEW
Alias:	CVE-2025-62705
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2025-10-22 22:01 UTC by OSIDB Bzimport
Modified:	2025-10-23 20:07 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-10-22 22:01:47 UTC

OpenBao is an open source identity-based secrets management system. Prior to version 2.4.2, OpenBao's audit log did not appropriately redact fields when relevant subsystems sent []byte response parameters rather than strings. This includes, but is not limited to sys/raw with use of encoding=base64, all data would be emitted unredacted to the audit log, and Transit, when performing a signing operation with a derived Ed25519 key, would emit public keys to the audit log. This issue has been patched in OpenBao 2.4.2.

Note You need to log in before you can comment on or make changes to this bug.