Myhoard logs backup encryption key in plain text_CVE-2025-67745

7.1 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

Description

MyHoard is a daemon for creating, managing and restoring MySQL backups. Starting in version 1.0.1 and prior to version 1.3.0, in some cases, myhoard logs the whole backup info, including the encryption key. Version 1.3.0 fixes the issue. As a workaround, direct logs into /dev/null.

Basic Information

ID CVE-2025-67745

Source GitHub_M

Published Dec 18, 2025 at 18:37

Modified Dec 18, 2025 at 19:00

Affected Product

Vendor Aiven-Open

Product myhoard

Version >= 1.0.1, < 1.3.0

Affected Versions Aiven-Open myhoard >= 1.0.1, < 1.3.0

CWE Classification

CWE-402

References

{
    "lastseen": "",
    "description": "MyHoard is a daemon for creating, managing and restoring MySQL backups. Starting in version 1.0.1 and prior to version 1.3.0, in some cases, myhoard logs the whole backup info, including the encryption key. Version 1.3.0 fixes the issue. As a workaround, direct logs into /dev/null.",
    "published": "2025-12-18T18:37:50.466Z",
    "modified": "2025-12-18T19:00:17.983Z",
    "type": "cve",
    "title": "Myhoard logs backup encryption key in plain text",
    "source": "GitHub_M",
    "references": "https://github.com/Aiven-Open/myhoard/security/advisories/GHSA-v42r-6hr9-4hcr\nhttps://github.com/Aiven-Open/myhoard/commit/fac89793bfc8c81ae040aadf5292f5d0100b6640",
    "id": "CVE-2025-67745",
    "bulletinFamily": "",
    "cwe": [
        "CWE-402"
    ],
    "cvelist": null,
    "sourceData": "Aiven-Open myhoard >= 1.0.1, < 1.3.0",
    "sourceHref": "",
    "cvss": {
        "score": 7.1,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "myhoard",
    "version": ">= 1.0.1, < 1.3.0",
    "vendor": "Aiven-Open",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}