CVE-2025-52893: 
Linux Alpine vulnerability analysis and mitigation

OpenBao before v2.3.0 may leak sensitive information in logs when processing malformed data (CVE-2025-52893). This vulnerability was discovered and disclosed in June 2025, affecting OpenBao's ability to manage, store, and distribute sensitive data including secrets, certificates, and keys. This is distinct from an earlier vulnerability (HCSEC-2025-09 / CVE-2025-4166) (GitHub Advisory, Wiz).

The vulnerability occurs when processing malformed data through OpenBao's framework, potentially exposing sensitive information in server and audit logs. The issue has been assigned a CVSS v3.1 score of 4.5 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N, indicating network accessibility with low attack complexity, requiring high privileges and user interaction (GitHub Advisory).

The vulnerability could result in the exposure of sensitive information in server and audit logs when processing malformed data. This information disclosure occurs specifically when handling improperly formatted requests, potentially revealing confidential data that should remain protected (GitHub Advisory).

The vulnerability has been fixed in OpenBao v2.3.0 and later versions. There is no known workaround except ensuring properly formatted requests from all clients. For users who suspect exposure, it is recommended to search through server and audit logs for potential information leaks and rotate any affected secrets (GitHub Advisory).