CNNVD-202510-4452 Information

CNNVD ID

CNNVD-202510-4452

Related CVE

CVE-2025-62232

• CNNVD Published: 2025-10-31

Description (Chinese)

Apache Apisix是美国阿帕奇（Apache）基金会的一个云原生的微服务API网关服务。该软件基于 OpenResty 和 etcd 来实现，具备动态路由和插件热加载，适合微服务体系下的 API 管理。 Apache Apisix存在安全漏洞，该漏洞源于basic-auth日志记录敏感数据，可能导致明文用户名和密码写入错误日志并转发到日志接收器，存在凭据泄露风险。

Description (English)

Apache Apisix is a micro-service API gateway service of the Apache Foundation in the United States. The software is based on OpenResty and etcd and has dynamic routing and plugin heat loads that are suitable for API management under the microservice system. There is a security loophole in Apache Apisix, which stems from the entry of sensitive data in the Basic-Auth log, which could lead to the inclusion of an explicit user name and password in the log and forward to the log receiver, with the risk of a documented leak.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

阿帕奇

Published

2025-10-31

Last Modified

2026-02-24

References

http://www.openwall.com/lists/oss-security/2025/10/30/4 https://lists.apache.org/thread/32hdgh570btfhg02hfc7p7ckf9v83259 https://access.redhat.com/security/cve/cve-2025-62232

Patch

https://apisix.apache.org/