Common Weakness Enumeration

CWE-212

Allowed

Improper Removal of Sensitive Information Before Storage or Transfer

Abstraction: Base · Status: Incomplete

The product stores, transfers, or shares a resource that contains sensitive information, but it does not properly remove that information before the product makes the resource available to unauthorized actors.

155 vulnerabilities reference this CWE, most recent first.

CVE-2025-61594 (GCVE-0-2025-61594)

Vulnerability from cvelistv5 – Published: 2025-12-30 21:03 – Updated: 2026-04-16 17:02
VLAI
Title
URI Credential Leakage Bypass over CVE-2025-27221
Summary
URI is a module providing classes to handle Uniform Resource Identifiers. In versions 0.12.4 and earlier (bundled in Ruby 3.2 series) 0.13.2 and earlier (bundled in Ruby 3.3 series), 1.0.3 and earlier (bundled in Ruby 3.4 series), when using the + operator to combine URIs, sensitive information like passwords from the original URI can be leaked, violating RFC3986 and making applications vulnerable to credential exposure. This is a a bypass for the fix to CVE-2025-27221 that can expose user credentials. This issue has been fixed in versions 0.12.5, 0.13.3 and 1.0.4.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
  • CWE-212 - Improper Removal of Sensitive Information Before Storage or Transfer
Assigner
Impacted products
Vendor Product Version
ruby uri Affected: < 0.12.5
Affected: >= 0.13.0, < 0.13.3
Affected: >= 1.0.0, < 1.0.4
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-61594",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-30T21:29:32.513492Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-30T21:29:39.048Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "uri",
          "vendor": "ruby",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 0.12.5"
            },
            {
              "status": "affected",
              "version": "\u003e= 0.13.0, \u003c 0.13.3"
            },
            {
              "status": "affected",
              "version": "\u003e= 1.0.0, \u003c 1.0.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "URI is a module providing classes to handle Uniform Resource Identifiers. In versions 0.12.4 and earlier (bundled in Ruby 3.2 series) 0.13.2 and earlier (bundled in Ruby 3.3 series), 1.0.3 and earlier (bundled in Ruby 3.4 series), when using the + operator to combine URIs, sensitive information like passwords from the original URI can be leaked, violating RFC3986 and making applications vulnerable to credential exposure. This is a a bypass for the fix to CVE-2025-27221 that can expose user credentials. This issue has been fixed in versions 0.12.5, 0.13.3 and 1.0.4."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "LOCAL",
            "baseScore": 2.1,
            "baseSeverity": "LOW",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-212",
              "description": "CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-16T17:02:32.149Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/ruby/uri/security/advisories/GHSA-j4pr-3wm6-xx2r",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/ruby/uri/security/advisories/GHSA-j4pr-3wm6-xx2r"
        },
        {
          "name": "https://hackerone.com/reports/2957667",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://hackerone.com/reports/2957667"
        },
        {
          "name": "https://github.com/advisories/GHSA-22h5-pq3x-2gf2",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/advisories/GHSA-22h5-pq3x-2gf2"
        },
        {
          "name": "https://www.ruby-lang.org/en/news/2025/02/26/security-advisories",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.ruby-lang.org/en/news/2025/02/26/security-advisories"
        }
      ],
      "source": {
        "advisory": "GHSA-j4pr-3wm6-xx2r",
        "discovery": "UNKNOWN"
      },
      "title": "URI Credential Leakage Bypass over CVE-2025-27221"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-61594",
    "datePublished": "2025-12-30T21:03:08.990Z",
    "dateReserved": "2025-09-26T16:25:25.150Z",
    "dateUpdated": "2026-04-16T17:02:32.149Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-59955 (GCVE-0-2025-59955)

Vulnerability from cvelistv5 – Published: 2026-01-05 17:46 – Updated: 2026-01-05 17:59
VLAI
Title
Coolify leaksensitive information `email_change_code` in `/api/v1/teams/{team_id | current}/members` API endpoint
Summary
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Coolify versions prior to and including v4.0.0-beta.420.8 have an information disclosure vulnerability in the `/api/v1/teams/{team_id}/members` and `/api/v1/teams/current/members` API endpoints allows authenticated team members to access a highly sensitive `email_change_code` from other users on the same team. This code is intended for a single-use email change verification and should be kept secret. Its exposure could enable a malicious actor to perform an unauthorized email address change on behalf of the victim. As of time of publication, no known patched versions exist.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-201 - Insertion of Sensitive Information Into Sent Data
  • CWE-212 - Improper Removal of Sensitive Information Before Storage or Transfer
  • CWE-214 - Invocation of Process Using Visible Sensitive Information
Assigner
References
Impacted products
Vendor Product Version
coollabsio coolify Affected: <= 4.0.0-beta.428
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-59955",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-05T17:57:31.664806Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-05T17:59:28.044Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "coolify",
          "vendor": "coollabsio",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c= 4.0.0-beta.428"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Coolify versions prior to and including v4.0.0-beta.420.8 have an information disclosure vulnerability in the `/api/v1/teams/{team_id}/members` and `/api/v1/teams/current/members` API endpoints allows authenticated team members to access a highly sensitive `email_change_code` from other users on the same team. This code is intended for a single-use email change verification and should be kept secret. Its exposure could enable a malicious actor to perform an unauthorized email address change on behalf of the victim. As of time of publication, no known patched versions exist."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 5.7,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "LOW",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-201",
              "description": "CWE-201: Insertion of Sensitive Information Into Sent Data",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-212",
              "description": "CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-214",
              "description": "CWE-214: Invocation of Process Using Visible Sensitive Information",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T17:46:56.334Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/coollabsio/coolify/security/advisories/GHSA-927g-56xp-6427",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/coollabsio/coolify/security/advisories/GHSA-927g-56xp-6427"
        }
      ],
      "source": {
        "advisory": "GHSA-927g-56xp-6427",
        "discovery": "UNKNOWN"
      },
      "title": "Coolify leaksensitive information `email_change_code` in `/api/v1/teams/{team_id | current}/members` API endpoint"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-59955",
    "datePublished": "2026-01-05T17:46:56.334Z",
    "dateReserved": "2025-09-23T14:33:49.506Z",
    "dateUpdated": "2026-01-05T17:59:28.044Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-58049 (GCVE-0-2025-58049)

Vulnerability from cvelistv5 – Published: 2025-08-28 17:43 – Updated: 2025-08-28 18:15
VLAI
Title
XWiki PDF export jobs store sensitive cookies unencrypted in job statuses
Summary
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions from 14.4.2 to before 16.4.8, 16.5.0-rc-1 to before 16.10.7, and 17.0.0-rc-1 to before 17.4.0-rc-1, the PDF export jobs store sensitive cookies unencrypted in job statuses. XWiki shouldn't store passwords in plain text, and it shouldn't be possible to gain access to plain text passwords by gaining access to, e.g., a backup of the data directory. This vulnerability has been patched in XWiki 16.4.8, 16.10.7, and 17.4.0-rc-1.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-212 - Improper Removal of Sensitive Information Before Storage or Transfer
  • CWE-257 - Storing Passwords in a Recoverable Format
Assigner
Impacted products
Vendor Product Version
xwiki xwiki-platform Affected: >= 14.4.2, < 16.4.8
Affected: >= 16.5.0-rc-1, < 16.10.7
Affected: >= 17.0.0-rc-1, < 17.4.0-rc-1
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-58049",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-28T18:15:42.371947Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-28T18:15:47.326Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "xwiki-platform",
          "vendor": "xwiki",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 14.4.2, \u003c 16.4.8"
            },
            {
              "status": "affected",
              "version": "\u003e= 16.5.0-rc-1, \u003c 16.10.7"
            },
            {
              "status": "affected",
              "version": "\u003e= 17.0.0-rc-1, \u003c 17.4.0-rc-1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions from 14.4.2 to before 16.4.8, 16.5.0-rc-1 to before 16.10.7, and 17.0.0-rc-1 to before 17.4.0-rc-1, the PDF export jobs store sensitive cookies unencrypted in job statuses. XWiki shouldn\u0027t store passwords in plain text, and it shouldn\u0027t be possible to gain access to plain text passwords by gaining access to, e.g., a backup of the data directory. This vulnerability has been patched in XWiki 16.4.8, 16.10.7, and 17.4.0-rc-1."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-212",
              "description": "CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-257",
              "description": "CWE-257: Storing Passwords in a Recoverable Format",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-28T17:43:39.779Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-9m7c-m33f-3429",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-9m7c-m33f-3429"
        },
        {
          "name": "https://github.com/xwiki/xwiki-platform/commit/60982ad0057b1701ed8297f28cad35d170686539",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/xwiki/xwiki-platform/commit/60982ad0057b1701ed8297f28cad35d170686539"
        },
        {
          "name": "https://jira.xwiki.org/browse/XWIKI-23151",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jira.xwiki.org/browse/XWIKI-23151"
        }
      ],
      "source": {
        "advisory": "GHSA-9m7c-m33f-3429",
        "discovery": "UNKNOWN"
      },
      "title": "XWiki PDF export jobs store sensitive cookies unencrypted in job statuses"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-58049",
    "datePublished": "2025-08-28T17:43:39.779Z",
    "dateReserved": "2025-08-22T14:30:32.221Z",
    "dateUpdated": "2025-08-28T18:15:47.326Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-57757 (GCVE-0-2025-57757)

Vulnerability from cvelistv5 – Published: 2025-08-28 16:32 – Updated: 2025-08-28 17:48
VLAI
Title
Contao discloses information in the news module
Summary
Contao is an Open Source CMS. In versions starting from 5.0.0 and prior to 5.3.38 and 5.6.1, if a news feed contains protected news archives, their news items are not filtered and become publicly available in the RSS feed. This issue has been patched in versions 5.3.38 and 5.6.1. A workaround involves not adding protected news archives to the news feed page.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
  • CWE-212 - Improper Removal of Sensitive Information Before Storage or Transfer
Assigner
Impacted products
Vendor Product Version
contao contao Affected: >= 5.0.0-RC1, < 5.3.38
Affected: >= 5.4.0-RC1, < 5.6.1
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-57757",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-28T17:45:40.665521Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-28T17:48:36.124Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "contao",
          "vendor": "contao",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 5.0.0-RC1, \u003c 5.3.38"
            },
            {
              "status": "affected",
              "version": "\u003e= 5.4.0-RC1, \u003c 5.6.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Contao is an Open Source CMS. In versions starting from 5.0.0 and prior to 5.3.38 and 5.6.1, if a news feed contains protected news archives, their news items are not filtered and become publicly available in the RSS feed. This issue has been patched in versions 5.3.38 and 5.6.1. A workaround involves not adding protected news archives to the news feed page."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-212",
              "description": "CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-28T16:32:03.487Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/contao/contao/security/advisories/GHSA-w53m-gxvg-vx7p",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/contao/contao/security/advisories/GHSA-w53m-gxvg-vx7p"
        },
        {
          "name": "https://github.com/contao/contao/commit/e75f46b11974fbf7a4652e65c19ad6ca84c59271",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/contao/contao/commit/e75f46b11974fbf7a4652e65c19ad6ca84c59271"
        },
        {
          "name": "https://contao.org/en/security-advisories/information-disclosure-in-the-news-module",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://contao.org/en/security-advisories/information-disclosure-in-the-news-module"
        }
      ],
      "source": {
        "advisory": "GHSA-w53m-gxvg-vx7p",
        "discovery": "UNKNOWN"
      },
      "title": "Contao discloses information in the news module"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-57757",
    "datePublished": "2025-08-28T16:32:03.487Z",
    "dateReserved": "2025-08-19T15:16:22.916Z",
    "dateUpdated": "2025-08-28T17:48:36.124Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-53886 (GCVE-0-2025-53886)

Vulnerability from cvelistv5 – Published: 2025-07-14 23:35 – Updated: 2025-07-15 13:41
VLAI
Title
Directus doesn't redact tokens in Flow logs
Summary
Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.0.0 and prior to version 11.9.0, when using Directus Flows with the WebHook trigger all incoming request details are logged including security sensitive data like access and refresh tokens in cookies. Malicious admins with access to the logs can hijack the user sessions within the token expiration time of them triggering the Flow. Version 11.9.0 fixes the issue.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
  • CWE-212 - Improper Removal of Sensitive Information Before Storage or Transfer
  • CWE-532 - Insertion of Sensitive Information into Log File
Assigner
Impacted products
Vendor Product Version
directus directus Affected: >= 9.0.0, < 11.9.0
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-53886",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-15T13:41:05.387368Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-15T13:41:18.865Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "directus",
          "vendor": "directus",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 9.0.0, \u003c 11.9.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.0.0 and prior to version 11.9.0, when using Directus Flows with the WebHook trigger all incoming request details are logged including security sensitive data like access and refresh tokens in cookies. Malicious admins with access to the logs can hijack the user sessions within the token expiration time of them triggering the Flow. Version 11.9.0 fixes the issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-212",
              "description": "CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-532",
              "description": "CWE-532: Insertion of Sensitive Information into Log File",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-14T23:35:56.448Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/directus/directus/security/advisories/GHSA-f24x-rm6g-3w5v",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/directus/directus/security/advisories/GHSA-f24x-rm6g-3w5v"
        },
        {
          "name": "https://github.com/directus/directus/pull/25354",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/directus/directus/pull/25354"
        },
        {
          "name": "https://github.com/directus/directus/commit/22be460c76957708d67fdd52846a9ad1cbb083fb",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/directus/directus/commit/22be460c76957708d67fdd52846a9ad1cbb083fb"
        },
        {
          "name": "https://github.com/directus/directus/releases/tag/v11.9.0",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/directus/directus/releases/tag/v11.9.0"
        }
      ],
      "source": {
        "advisory": "GHSA-f24x-rm6g-3w5v",
        "discovery": "UNKNOWN"
      },
      "title": "Directus doesn\u0027t redact tokens in Flow logs"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-53886",
    "datePublished": "2025-07-14T23:35:56.448Z",
    "dateReserved": "2025-07-11T19:05:23.824Z",
    "dateUpdated": "2025-07-15T13:41:18.865Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-48708 (GCVE-0-2025-48708)

Vulnerability from cvelistv5 – Published: 2025-05-23 00:00 – Updated: 2025-05-24 00:11
VLAI
Summary
gs_lib_ctx_stash_sanitized_arg in base/gslibctx.c in Artifex Ghostscript before 10.05.1 lacks argument sanitization for the # case. A created PDF document includes its password in cleartext.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-212 - Improper Removal of Sensitive Information Before Storage or Transfer
Assigner
Impacted products
Vendor Product Version
Artifex Ghostscript Affected: 0 , < 10.05.1 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-48708",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-23T13:21:22.077960Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-23T13:21:34.502Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-05-24T00:11:29.484Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/05/23/2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Ghostscript",
          "vendor": "Artifex",
          "versions": [
            {
              "lessThan": "10.05.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.05.1",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "gs_lib_ctx_stash_sanitized_arg in base/gslibctx.c in Artifex Ghostscript before 10.05.1 lacks argument sanitization for the # case. A created PDF document includes its password in cleartext."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-212",
              "description": "CWE-212 Improper Removal of Sensitive Information Before Storage or Transfer",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-23T14:20:13.175Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://bugs.ghostscript.com/show_bug.cgi?id=708446"
        },
        {
          "url": "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=b587663c623b4462f9e78686a31fd880207303ee"
        }
      ],
      "x_generator": {
        "engine": "enrichogram 0.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2025-48708",
    "datePublished": "2025-05-23T00:00:00.000Z",
    "dateReserved": "2025-05-23T00:00:00.000Z",
    "dateUpdated": "2025-05-24T00:11:29.484Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-27221 (GCVE-0-2025-27221)

Vulnerability from cvelistv5 – Published: 2025-03-03 00:00 – Updated: 2025-11-03 21:13
VLAI
Summary
In the URI gem before 1.0.3 for Ruby, the URI handling methods (URI.join, URI#merge, URI#+) have an inadvertent leakage of authentication credentials because userinfo is retained even after changing the host.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-212 - Improper Removal of Sensitive Information Before Storage or Transfer
Assigner
Impacted products
Vendor Product Version
ruby-lang URI Affected: 0 , < 0.11.3 (custom)
Affected: 0.12.0 , < 0.12.4 (custom)
Affected: 0.13.0 , < 0.13.2 (custom)
Affected: 1.0.0 , < 1.0.3 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-27221",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-04T16:38:46.135358Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-04T16:39:00.368Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T21:13:26.685Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00015.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00008.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "URI",
          "vendor": "ruby-lang",
          "versions": [
            {
              "lessThan": "0.11.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "0.12.4",
              "status": "affected",
              "version": "0.12.0",
              "versionType": "custom"
            },
            {
              "lessThan": "0.13.2",
              "status": "affected",
              "version": "0.13.0",
              "versionType": "custom"
            },
            {
              "lessThan": "1.0.3",
              "status": "affected",
              "version": "1.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:ruby-lang:uri:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "0.11.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:ruby-lang:uri:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "0.12.4",
                  "versionStartIncluding": "0.12.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:ruby-lang:uri:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "0.13.2",
                  "versionStartIncluding": "0.13.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:ruby-lang:uri:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.0.3",
                  "versionStartIncluding": "1.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the URI gem before 1.0.3 for Ruby, the URI handling methods (URI.join, URI#merge, URI#+) have an inadvertent leakage of authentication credentials because userinfo is retained even after changing the host."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 3.2,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-212",
              "description": "CWE-212 Improper Removal of Sensitive Information Before Storage or Transfer",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-03T23:58:48.831Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://hackerone.com/reports/2957667"
        },
        {
          "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/uri/CVE-2025-27221.yml"
        }
      ],
      "x_generator": {
        "engine": "enrichogram 0.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2025-27221",
    "datePublished": "2025-03-03T00:00:00.000Z",
    "dateReserved": "2025-02-20T00:00:00.000Z",
    "dateUpdated": "2025-11-03T21:13:26.685Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-24884 (GCVE-0-2025-24884)

Vulnerability from cvelistv5 – Published: 2025-01-29 20:15 – Updated: 2025-01-31 16:56
VLAI
Title
kube-audit-rest's example logging configuration could disclose secret values in the audit log
Summary
kube-audit-rest is a simple logger of mutation/creation requests to the k8s api. If the "full-elastic-stack" example vector configuration was used for a real cluster, the previous values of kubernetes secrets would have been disclosed in the audit messages. This vulnerability is fixed in 1.0.16.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
  • CWE-212 - Improper Removal of Sensitive Information Before Storage or Transfer
  • CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
Impacted products
Vendor Product Version
RichardoC kube-audit-rest Affected: < 1.0.16
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-24884",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-31T16:55:48.284204Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-31T16:56:01.134Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "kube-audit-rest",
          "vendor": "RichardoC",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.0.16"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "kube-audit-rest is a simple logger of mutation/creation requests to the k8s api. If the \"full-elastic-stack\" example vector configuration was used for a real cluster, the previous values of kubernetes secrets would have been disclosed in the audit messages. This vulnerability is fixed in 1.0.16."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "LOW"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-212",
              "description": "CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-532",
              "description": "CWE-532: Insertion of Sensitive Information into Log File",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-29T20:15:39.454Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/RichardoC/kube-audit-rest/security/advisories/GHSA-hcr5-wv4p-h2g2",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/RichardoC/kube-audit-rest/security/advisories/GHSA-hcr5-wv4p-h2g2"
        },
        {
          "name": "https://github.com/RichardoC/kube-audit-rest/commit/db1aa5b867256b0a7bf206544c6981ab068b73dc",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/RichardoC/kube-audit-rest/commit/db1aa5b867256b0a7bf206544c6981ab068b73dc"
        }
      ],
      "source": {
        "advisory": "GHSA-hcr5-wv4p-h2g2",
        "discovery": "UNKNOWN"
      },
      "title": "kube-audit-rest\u0027s example logging configuration could disclose secret values in the audit log"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-24884",
    "datePublished": "2025-01-29T20:15:39.454Z",
    "dateReserved": "2025-01-27T15:32:29.450Z",
    "dateUpdated": "2025-01-31T16:56:01.134Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-20118 (GCVE-0-2025-20118)

Vulnerability from cvelistv5 – Published: 2025-02-26 16:23 – Updated: 2025-03-03 19:03
VLAI
Title
Cisco Application Policy Infrastructure Controller Authenticated Command Injection Due to Sensitive Disclosure Vulnerability
Summary
A vulnerability in the implementation of the internal system processes of Cisco APIC could allow an authenticated, local attacker to access sensitive information on an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to insufficient masking of sensitive information that is displayed through system CLI commands. An attacker could exploit this vulnerability by using reconnaissance techniques at the device CLI. A successful exploit could allow the attacker to access sensitive information on an affected device that could be used for additional attacks.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-212 - Improper Removal of Sensitive Information Before Storage or Transfer
Assigner
Impacted products
Vendor Product Version
Cisco Cisco Application Policy Infrastructure Controller (APIC) Affected: 3.2(8d)
Affected: 3.2(1m)
Affected: 3.2(5e)
Affected: 4.1(2m)
Affected: 3.2(41d)
Affected: 3.2(3s)
Affected: 4.0(3c)
Affected: 4.1(1k)
Affected: 3.2(4d)
Affected: 4.2(2e)
Affected: 4.2(3j)
Affected: 4.2(3n)
Affected: 4.0(1h)
Affected: 4.1(1l)
Affected: 3.2(9f)
Affected: 4.2(3l)
Affected: 4.2(2g)
Affected: 3.2(7k)
Affected: 3.2(9b)
Affected: 3.2(3j)
Affected: 4.1(2u)
Affected: 4.2(1l)
Affected: 4.1(1a)
Affected: 4.0(3d)
Affected: 3.2(4e)
Affected: 4.1(1i)
Affected: 3.2(5f)
Affected: 3.2(1l)
Affected: 4.2(1i)
Affected: 4.1(2o)
Affected: 4.2(1g)
Affected: 4.1(2g)
Affected: 4.2(2f)
Affected: 3.2(6i)
Affected: 3.2(3i)
Affected: 3.2(3n)
Affected: 4.1(2x)
Affected: 3.2(5d)
Affected: 4.2(3q)
Affected: 4.1(1j)
Affected: 4.1(2w)
Affected: 3.2(2o)
Affected: 3.2(3r)
Affected: 4.0(2c)
Affected: 4.1(2s)
Affected: 3.2(7f)
Affected: 3.2(3o)
Affected: 3.2(2l)
Affected: 4.2(1j)
Affected: 4.2(4i)
Affected: 3.2(9h)
Affected: 5.0(1k)
Affected: 4.2(4k)
Affected: 5.0(1l)
Affected: 5.0(2e)
Affected: 4.2(4o)
Affected: 4.2(4p)
Affected: 5.0(2h)
Affected: 4.2(5k)
Affected: 4.2(5l)
Affected: 4.2(5n)
Affected: 5.1(1h)
Affected: 4.2(6d)
Affected: 5.1(2e)
Affected: 4.2(6g)
Affected: 4.2(6h)
Affected: 5.1(3e)
Affected: 3.2(10e)
Affected: 4.2(6l)
Affected: 4.2(7f)
Affected: 5.1(4c)
Affected: 4.2(6o)
Affected: 5.2(1g)
Affected: 5.2(2e)
Affected: 4.2(7l)
Affected: 3.2(10f)
Affected: 5.2(2f)
Affected: 5.2(2g)
Affected: 4.2(7q)
Affected: 5.2(2h)
Affected: 5.2(3f)
Affected: 5.2(3e)
Affected: 5.2(3g)
Affected: 4.2(7r)
Affected: 4.2(7s)
Affected: 5.2(4d)
Affected: 5.2(4e)
Affected: 4.2(7t)
Affected: 5.2(5d)
Affected: 3.2(10g)
Affected: 5.2(5c)
Affected: 6.0(1g)
Affected: 4.2(7u)
Affected: 5.2(5e)
Affected: 5.2(4f)
Affected: 5.2(6e)
Affected: 6.0(1j)
Affected: 5.2(6g)
Affected: 5.2(7f)
Affected: 4.2(7v)
Affected: 5.2(7g)
Affected: 6.0(2h)
Affected: 4.2(7w)
Affected: 5.2(6h)
Affected: 5.2(4h)
Affected: 5.2(8d)
Affected: 6.0(2j)
Affected: 5.2(8e)
Affected: 6.0(3d)
Affected: 6.0(3e)
Affected: 5.2(8f)
Affected: 5.2(8g)
Affected: 5.3(1d)
Affected: 5.2(8h)
Affected: 6.0(4c)
Affected: 5.3(2a)
Affected: 5.2(8i)
Affected: 6.0(5h)
Affected: 5.3(2b)
Affected: 6.0(3g)
Affected: 6.0(5j)
Affected: 5.3(2c)
Affected: 6.0(6c)
Affected: 6.1(1f)
Affected: 6.0(7e)
Affected: 5.3(2d)
Affected: 6.0(8d)
Affected: 5.3(2e)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-20118",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-26T17:51:08.139382Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-03T19:03:28.886Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco Application Policy Infrastructure Controller (APIC)",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "3.2(8d)"
            },
            {
              "status": "affected",
              "version": "3.2(1m)"
            },
            {
              "status": "affected",
              "version": "3.2(5e)"
            },
            {
              "status": "affected",
              "version": "4.1(2m)"
            },
            {
              "status": "affected",
              "version": "3.2(41d)"
            },
            {
              "status": "affected",
              "version": "3.2(3s)"
            },
            {
              "status": "affected",
              "version": "4.0(3c)"
            },
            {
              "status": "affected",
              "version": "4.1(1k)"
            },
            {
              "status": "affected",
              "version": "3.2(4d)"
            },
            {
              "status": "affected",
              "version": "4.2(2e)"
            },
            {
              "status": "affected",
              "version": "4.2(3j)"
            },
            {
              "status": "affected",
              "version": "4.2(3n)"
            },
            {
              "status": "affected",
              "version": "4.0(1h)"
            },
            {
              "status": "affected",
              "version": "4.1(1l)"
            },
            {
              "status": "affected",
              "version": "3.2(9f)"
            },
            {
              "status": "affected",
              "version": "4.2(3l)"
            },
            {
              "status": "affected",
              "version": "4.2(2g)"
            },
            {
              "status": "affected",
              "version": "3.2(7k)"
            },
            {
              "status": "affected",
              "version": "3.2(9b)"
            },
            {
              "status": "affected",
              "version": "3.2(3j)"
            },
            {
              "status": "affected",
              "version": "4.1(2u)"
            },
            {
              "status": "affected",
              "version": "4.2(1l)"
            },
            {
              "status": "affected",
              "version": "4.1(1a)"
            },
            {
              "status": "affected",
              "version": "4.0(3d)"
            },
            {
              "status": "affected",
              "version": "3.2(4e)"
            },
            {
              "status": "affected",
              "version": "4.1(1i)"
            },
            {
              "status": "affected",
              "version": "3.2(5f)"
            },
            {
              "status": "affected",
              "version": "3.2(1l)"
            },
            {
              "status": "affected",
              "version": "4.2(1i)"
            },
            {
              "status": "affected",
              "version": "4.1(2o)"
            },
            {
              "status": "affected",
              "version": "4.2(1g)"
            },
            {
              "status": "affected",
              "version": "4.1(2g)"
            },
            {
              "status": "affected",
              "version": "4.2(2f)"
            },
            {
              "status": "affected",
              "version": "3.2(6i)"
            },
            {
              "status": "affected",
              "version": "3.2(3i)"
            },
            {
              "status": "affected",
              "version": "3.2(3n)"
            },
            {
              "status": "affected",
              "version": "4.1(2x)"
            },
            {
              "status": "affected",
              "version": "3.2(5d)"
            },
            {
              "status": "affected",
              "version": "4.2(3q)"
            },
            {
              "status": "affected",
              "version": "4.1(1j)"
            },
            {
              "status": "affected",
              "version": "4.1(2w)"
            },
            {
              "status": "affected",
              "version": "3.2(2o)"
            },
            {
              "status": "affected",
              "version": "3.2(3r)"
            },
            {
              "status": "affected",
              "version": "4.0(2c)"
            },
            {
              "status": "affected",
              "version": "4.1(2s)"
            },
            {
              "status": "affected",
              "version": "3.2(7f)"
            },
            {
              "status": "affected",
              "version": "3.2(3o)"
            },
            {
              "status": "affected",
              "version": "3.2(2l)"
            },
            {
              "status": "affected",
              "version": "4.2(1j)"
            },
            {
              "status": "affected",
              "version": "4.2(4i)"
            },
            {
              "status": "affected",
              "version": "3.2(9h)"
            },
            {
              "status": "affected",
              "version": "5.0(1k)"
            },
            {
              "status": "affected",
              "version": "4.2(4k)"
            },
            {
              "status": "affected",
              "version": "5.0(1l)"
            },
            {
              "status": "affected",
              "version": "5.0(2e)"
            },
            {
              "status": "affected",
              "version": "4.2(4o)"
            },
            {
              "status": "affected",
              "version": "4.2(4p)"
            },
            {
              "status": "affected",
              "version": "5.0(2h)"
            },
            {
              "status": "affected",
              "version": "4.2(5k)"
            },
            {
              "status": "affected",
              "version": "4.2(5l)"
            },
            {
              "status": "affected",
              "version": "4.2(5n)"
            },
            {
              "status": "affected",
              "version": "5.1(1h)"
            },
            {
              "status": "affected",
              "version": "4.2(6d)"
            },
            {
              "status": "affected",
              "version": "5.1(2e)"
            },
            {
              "status": "affected",
              "version": "4.2(6g)"
            },
            {
              "status": "affected",
              "version": "4.2(6h)"
            },
            {
              "status": "affected",
              "version": "5.1(3e)"
            },
            {
              "status": "affected",
              "version": "3.2(10e)"
            },
            {
              "status": "affected",
              "version": "4.2(6l)"
            },
            {
              "status": "affected",
              "version": "4.2(7f)"
            },
            {
              "status": "affected",
              "version": "5.1(4c)"
            },
            {
              "status": "affected",
              "version": "4.2(6o)"
            },
            {
              "status": "affected",
              "version": "5.2(1g)"
            },
            {
              "status": "affected",
              "version": "5.2(2e)"
            },
            {
              "status": "affected",
              "version": "4.2(7l)"
            },
            {
              "status": "affected",
              "version": "3.2(10f)"
            },
            {
              "status": "affected",
              "version": "5.2(2f)"
            },
            {
              "status": "affected",
              "version": "5.2(2g)"
            },
            {
              "status": "affected",
              "version": "4.2(7q)"
            },
            {
              "status": "affected",
              "version": "5.2(2h)"
            },
            {
              "status": "affected",
              "version": "5.2(3f)"
            },
            {
              "status": "affected",
              "version": "5.2(3e)"
            },
            {
              "status": "affected",
              "version": "5.2(3g)"
            },
            {
              "status": "affected",
              "version": "4.2(7r)"
            },
            {
              "status": "affected",
              "version": "4.2(7s)"
            },
            {
              "status": "affected",
              "version": "5.2(4d)"
            },
            {
              "status": "affected",
              "version": "5.2(4e)"
            },
            {
              "status": "affected",
              "version": "4.2(7t)"
            },
            {
              "status": "affected",
              "version": "5.2(5d)"
            },
            {
              "status": "affected",
              "version": "3.2(10g)"
            },
            {
              "status": "affected",
              "version": "5.2(5c)"
            },
            {
              "status": "affected",
              "version": "6.0(1g)"
            },
            {
              "status": "affected",
              "version": "4.2(7u)"
            },
            {
              "status": "affected",
              "version": "5.2(5e)"
            },
            {
              "status": "affected",
              "version": "5.2(4f)"
            },
            {
              "status": "affected",
              "version": "5.2(6e)"
            },
            {
              "status": "affected",
              "version": "6.0(1j)"
            },
            {
              "status": "affected",
              "version": "5.2(6g)"
            },
            {
              "status": "affected",
              "version": "5.2(7f)"
            },
            {
              "status": "affected",
              "version": "4.2(7v)"
            },
            {
              "status": "affected",
              "version": "5.2(7g)"
            },
            {
              "status": "affected",
              "version": "6.0(2h)"
            },
            {
              "status": "affected",
              "version": "4.2(7w)"
            },
            {
              "status": "affected",
              "version": "5.2(6h)"
            },
            {
              "status": "affected",
              "version": "5.2(4h)"
            },
            {
              "status": "affected",
              "version": "5.2(8d)"
            },
            {
              "status": "affected",
              "version": "6.0(2j)"
            },
            {
              "status": "affected",
              "version": "5.2(8e)"
            },
            {
              "status": "affected",
              "version": "6.0(3d)"
            },
            {
              "status": "affected",
              "version": "6.0(3e)"
            },
            {
              "status": "affected",
              "version": "5.2(8f)"
            },
            {
              "status": "affected",
              "version": "5.2(8g)"
            },
            {
              "status": "affected",
              "version": "5.3(1d)"
            },
            {
              "status": "affected",
              "version": "5.2(8h)"
            },
            {
              "status": "affected",
              "version": "6.0(4c)"
            },
            {
              "status": "affected",
              "version": "5.3(2a)"
            },
            {
              "status": "affected",
              "version": "5.2(8i)"
            },
            {
              "status": "affected",
              "version": "6.0(5h)"
            },
            {
              "status": "affected",
              "version": "5.3(2b)"
            },
            {
              "status": "affected",
              "version": "6.0(3g)"
            },
            {
              "status": "affected",
              "version": "6.0(5j)"
            },
            {
              "status": "affected",
              "version": "5.3(2c)"
            },
            {
              "status": "affected",
              "version": "6.0(6c)"
            },
            {
              "status": "affected",
              "version": "6.1(1f)"
            },
            {
              "status": "affected",
              "version": "6.0(7e)"
            },
            {
              "status": "affected",
              "version": "5.3(2d)"
            },
            {
              "status": "affected",
              "version": "6.0(8d)"
            },
            {
              "status": "affected",
              "version": "5.3(2e)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the implementation of the internal system processes of Cisco APIC could allow an authenticated, local attacker to access sensitive information on an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials.\r\n\r\nThis vulnerability is due to insufficient masking of sensitive information that is displayed through system CLI commands. An attacker could exploit this vulnerability by using reconnaissance techniques at the device CLI. A successful exploit could allow the attacker to access sensitive information on an affected device that could be used for additional attacks."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-212",
              "description": "Improper Removal of Sensitive Information Before Storage or Transfer",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-26T17:13:05.215Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-apic-multi-vulns-9ummtg5",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apic-multi-vulns-9ummtg5"
        }
      ],
      "source": {
        "advisory": "cisco-sa-apic-multi-vulns-9ummtg5",
        "defects": [
          "CSCwk18864"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Cisco Application Policy Infrastructure Controller Authenticated Command Injection Due to Sensitive Disclosure Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2025-20118",
    "datePublished": "2025-02-26T16:23:28.132Z",
    "dateReserved": "2024-10-10T19:15:13.211Z",
    "dateUpdated": "2025-03-03T19:03:28.886Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-14267 (GCVE-0-2025-14267)

Vulnerability from cvelistv5 – Published: 2025-12-19 06:15 – Updated: 2026-02-23 10:35
VLAI
Title
Unintended temporary cached data included in a structure only copy intended to be empty of data
Summary
Incomplete removal of sensitive information before transfer vulnerability in M-Files Corporation M-Files Server allows data leak exposure affecting versions before 25.12.15491.7
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-212 - Improper Removal of Sensitive Information Before Storage or Transfer
Impacted products
Vendor Product Version
M-Files Corporation M-Files Server Affected: 0 , < 25.12.15491.7 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-14267",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-19T15:39:44.479615Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-19T15:39:54.861Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "M-Files Server",
          "vendor": "M-Files Corporation",
          "versions": [
            {
              "lessThan": "25.12.15491.7",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Incomplete removal of sensitive information before transfer vulnerability in M-Files Corporation M-Files Server allows data leak exposure affecting versions before 25.12.15491.7"
            }
          ],
          "value": "Incomplete removal of sensitive information before transfer vulnerability in M-Files Corporation M-Files Server allows data leak exposure affecting versions before 25.12.15491.7"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-410",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-410 Information Elicitation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "HIGH",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "HIGH",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "ACTIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-212",
              "description": "CWE-212 Improper Removal of Sensitive Information Before Storage or Transfer",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-23T10:35:14.878Z",
        "orgId": "bcf7a16e-bfdc-46e4-9e42-4187da3f4410",
        "shortName": "M-Files Corporation"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://product.m-files.com/security-advisories/cve-2025-14267/"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://empower.m-files.com/security-advisories/CVE-2025-14267"
        }
      ],
      "source": {
        "discovery": "USER"
      },
      "title": "Unintended temporary cached data included in a structure only copy intended to be empty of data",
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "bcf7a16e-bfdc-46e4-9e42-4187da3f4410",
    "assignerShortName": "M-Files Corporation",
    "cveId": "CVE-2025-14267",
    "datePublished": "2025-12-19T06:15:09.580Z",
    "dateReserved": "2025-12-08T13:09:32.914Z",
    "dateUpdated": "2026-02-23T10:35:14.878Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Mitigation
Requirements

Clearly specify which information should be regarded as private or sensitive, and require that the product offers functionality that allows the user to cleanse the sensitive information from the resource before it is published or exported to other parties.

Mitigation MIT-46
Architecture and Design

Strategy: Separation of Privilege

  • Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
  • Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges.
Mitigation MIT-57
Implementation Operation

Strategy: Attack Surface Reduction

  • Some tools can automatically analyze documents to redact, strip, or "sanitize" private information, although some human review might be necessary. Tools may vary in terms of which document formats can be processed.
  • When calling an external program to automatically generate or convert documents, invoke the program with any available options that avoid generating sensitive metadata. Some formats have well-defined fields that could contain private data, such as Exchangeable image file format (Exif), which can contain potentially sensitive metadata such as geolocation, date, and time [REF-1515] [REF-1516].
Mitigation MIT-33
Implementation

Strategy: Attack Surface Reduction

Use naming conventions and strong types to make it easier to spot when sensitive data is being used. When creating structures, objects, or other complex entities, separate the sensitive and non-sensitive data as much as possible.

Mitigation
Implementation

Avoid errors related to improper resource shutdown or release (CWE-404), which may leave the sensitive data within the resource if it is in an incomplete state.

CAPEC-168: Windows ::DATA Alternate Data Stream

An attacker exploits the functionality of Microsoft NTFS Alternate Data Streams (ADS) to undermine system security. ADS allows multiple "files" to be stored in one directory entry referenced as filename:streamname. One or more alternate data streams may be stored in any file or directory. Normal Microsoft utilities do not show the presence of an ADS stream attached to a file. The additional space for the ADS is not recorded in the displayed file size. The additional space for ADS is accounted for in the used space on the volume. An ADS can be any type of file. ADS are copied by standard Microsoft utilities between NTFS volumes. ADS can be used by an attacker or intruder to hide tools, scripts, and data from detection by normal system utilities. Many anti-virus programs do not check for or scan ADS. Windows Vista does have a switch (-R) on the command line DIR command that will display alternate streams.