CNNVD-202508-811 Information

CNNVD ID

CNNVD-202508-811

CVE-2025-55000

  • CNNVD Published: 2025-08-09

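Description (translated from Chinese)

OpenBao is open-source sensitive-data management software from OpenBao. OpenBao versions 0.1.0 through 2.3.1 contain a security vulnerability: the TOTP secrets engine can accept a valid code multiple times, which may lead to security risks.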

Description (English)

OpenBao is open-source software for managing sensitive data. OpenBao releases 0.1.0 through 2.3.1 contain a vulnerability in which the TOTP secrets engine accepts a valid code more than once, which may lead to security risks.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

OpenBao

Published

2025-08-09

Last Modified

2026-02-24

References

  • https://discuss.hashicorp.com/t/hcsec-2025-17-vault-totp-secrets-engine-code-reuse/76036
  • https://github.com/openbao/openbao/commit/183891f8d535d5b6eb3d79fda8200cade6de99e1
  • https://github.com/openbao/openbao/security/advisories/GHSA-f7c3-mhj2-9pvg
  • https://access.redhat.com/security/cve/cve-2025-55000

Patch

https://github.com/openbao/openbao/releases
