CNNVD-202508-807 Information

CNNVD ID

CNNVD-202508-807

CVE-2025-54997

  • CNNVD Published: 2025-08-09

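Description (translated from Chinese)

OpenBao is open-source sensitive data management software from OpenBao. OpenBao 2.3.1 and earlier contain a code injection vulnerability that stems from restrictions being bypassable through the audit subsystem, which may lead to unauthorized code execution and network access.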

Description (English)

OpenBao is open-source software from OpenBao for managing sensitive data. OpenBao 2.3.1 and earlier versions have a code injection vulnerability, which stems from restrictions that can be circumvented through the audit subsystem and could lead to unauthorized code execution and network access.

Hazard Level

Low

Vulnerability Type

Code injection

Affected Vendor

OpenBao

Published

2025-08-09

Last Modified

2026-02-24

References

  • https://github.com/openbao/openbao/pull/1634
  • https://discuss.hashicorp.com/t/hcsec-2025-14-privileged-vault-operator-may-execute-code-on-the-underlying-host/76033
  • https://github.com/openbao/openbao/security/advisories/GHSA-xp75-r577-cvhp
  • https://github.com/openbao/openbao/releases/tag/v2.3.2
  • https://access.redhat.com/security/cve/cve-2025-54997

Patch

https://github.com/openbao/openbao/releases
