{"uuid": "5a8a02b4-4677-4293-aa37-3926f882fd8f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4166", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/14497", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-4166\n\ud83d\udd25 CVSS Score: 4.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N)\n\ud83d\udd39 Description: Vault Community and Vault Enterprise Key/Value (kv) Version 2 plugin may unintentionally expose sensitive information in server and audit logs when users submit malformed payloads during secret creation or update operations via the Vault REST API. This vulnerability, identified as CVE-2025-4166, is fixed in Vault Community 1.19.3 and Vault Enterprise 1.19.3, 1.18.9, 1.17.16, 1.16.20.\n\ud83d\udccf Published: 2025-05-02T14:57:58.710Z\n\ud83d\udccf Modified: 2025-05-02T14:57:58.710Z\n\ud83d\udd17 References:\n1. https://discuss.hashicorp.com/t/hcsec-2025-09-vault-may-expose-sensitive-information-in-error-logs-when-processing-malformed-data-with-the-kv-v2-plugin", "creation_timestamp": "2025-05-02T15:17:00.000000Z"}