CVE-2025-4166

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
02/05/2025
Last modified:
05/05/2025

Description

Vault Community and Vault Enterprise Key/Value (kv) Version 2 plugin may unintentionally expose sensitive information in server and audit logs when users submit malformed payloads during secret creation or update operations via the Vault REST API. This vulnerability, identified as CVE-2025-4166, is fixed in Vault Community 1.19.3 and Vault Enterprise 1.19.3, 1.18.9, 1.17.16, 1.16.20.