Security Advisory

CVE-2025-4166

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-05-02 14:57:58

Last updated 2025-05-08 13:01:48

Assigner HashiCorp

State PUBLISHED

Description

Vault Community and Vault Enterprise Key/Value (kv) Version 2 plugin may unintentionally expose sensitive information in server and audit logs when users submit malformed payloads during secret creation or update operations via the Vault REST API. This vulnerability, identified as CVE-2025-4166, is fixed in Vault Community 1.19.3 and Vault Enterprise 1.19.3, 1.18.9, 1.17.16, 1.16.20.

← Browse all CVEs View on cve.org ↗