CVE-2025-4166 Information

May 03, 2025 cve

Description

Vault Community and Vault Enterprise Key/Value (kv) Version 2 plugin may unintentionally expose sensitive information in server and audit logs when users submit malformed payloads during secret creation or update operations via the Vault REST API. This vulnerability identified as CVE-2025-4166 is fixed in Vault Community 1.19.3 and Vault Enterprise 1.19.3 1.18.9 1.17.16 1.16.20.

Reference

https://discuss.hashicorp.com/t/hcsec-2025-09-vault-may-expose-sensitive-information-in-error-logs-when-processing-malformed-data-with-the-kv-v2-plugin

Share on: