CVE-2025-4166 — Vulnetix

Try Vulnetix Request Demo

CVE-2025-4166 PUBLISHED

Vault Community and Vault Enterprise Key/Value (kv) Version 2 plugin may unintentionally expose sensitive information in server and audit logs when users submit malformed payloads during secret creation or update operations via the Vault REST API. This vulnerability, identified as CVE-2025-4166, is fixed in Vault Community 1.19.3 and Vault Enterprise 1.19.3, 1.18.9, 1.17.16, 1.16.20.

EPSS 0.15% · 34.9th percentile

Risk Scores

EPSS Score

0.15%

34.9th percentile

Affected Products

Vendor	Product	Versions
Bitnami	vault	0.3.0
Bitnami	vault	0.3.0

Timeline

May 2, 2025 CVE Published
May 2, 2025 PoC Published
May 2, 2025 PoC Published
May 2, 2025 PoC Published
May 3, 2025 EPSS Score
May 6, 2025 CVE Updated
May 14, 2025 EPSS Score
May 25, 2025 EPSS Score
Jun 6, 2025 EPSS Score
Jun 13, 2025 Coalition ESS Score
Jun 17, 2025 EPSS Score
Jun 25, 2025 PoC Published

References

Open in Interactive Console →