Refine your search
1 vulnerability found for by Aiven-Open
CVE-2025-67745 (GCVE-0-2025-67745)
Vulnerability from cvelistv5
Published
2025-12-18 18:37
Modified
2025-12-18 19:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-402 - Transmission of Private Resources into a New Sphere ('Resource Leak')
Summary
MyHoard is a daemon for creating, managing and restoring MySQL backups. Starting in version 1.0.1 and prior to version 1.3.0, in some cases, myhoard logs the whole backup info, including the encryption key. Version 1.3.0 fixes the issue. As a workaround, direct logs into /dev/null.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Aiven-Open | myhoard |
Version: >= 1.0.1, < 1.3.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-67745",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-18T18:59:53.343079Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T19:00:17.983Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "myhoard",
"vendor": "Aiven-Open",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.0.1, \u003c 1.3.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "MyHoard is a daemon for creating, managing and restoring MySQL backups. Starting in version 1.0.1 and prior to version 1.3.0, in some cases, myhoard logs the whole backup info, including the encryption key. Version 1.3.0 fixes the issue. As a workaround, direct logs into /dev/null."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-402",
"description": "CWE-402: Transmission of Private Resources into a New Sphere (\u0027Resource Leak\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T18:37:50.466Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/Aiven-Open/myhoard/security/advisories/GHSA-v42r-6hr9-4hcr",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Aiven-Open/myhoard/security/advisories/GHSA-v42r-6hr9-4hcr"
},
{
"name": "https://github.com/Aiven-Open/myhoard/commit/fac89793bfc8c81ae040aadf5292f5d0100b6640",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Aiven-Open/myhoard/commit/fac89793bfc8c81ae040aadf5292f5d0100b6640"
}
],
"source": {
"advisory": "GHSA-v42r-6hr9-4hcr",
"discovery": "UNKNOWN"
},
"title": "Myhoard logs backup encryption key in plain text"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-67745",
"datePublished": "2025-12-18T18:37:50.466Z",
"dateReserved": "2025-12-11T18:08:02.946Z",
"dateUpdated": "2025-12-18T19:00:17.983Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}