CVE-2025-54997 – OpenBao Audit Subsystem Privilege Escalation

August 9, 2025

CVE ID : CVE-2025-54997

Published : Aug. 9, 2025, 3:15 a.m. | 21 hours, 26 minutes ago

Description : OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 2.3.1 and below, some OpenBao deployments intentionally limit privileged API operators from executing system code or making network connections. However, these operators can bypass both restrictions through the audit subsystem by manipulating log prefixes. This allows unauthorized code execution and network access that violates the intended security model. This issue is fixed in version 2.3.2. To workaround, users can block access to sys/audit/* endpoints using explicit deny policies, but root operators cannot be restricted this way.

Severity: 9.1 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-55013 – Assemblyline 4 Service Client Path Traversal Vulnerability

Next Article Microsoft Copilot quietly tests ChatGPT Connectors feature, lets you view OneDrive content

Highlights

CVE-2025-7338 – Multer DoS Vulnerability

July 17, 2025

CVE ID : CVE-2025-7338

Published : July 17, 2025, 4:15 p.m. | 2 hours, 21 minutes ago

Description : Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability that is present starting in version 1.4.4-lts.1 and prior to version 2.0.2 allows an attacker to trigger a Denial of Service (DoS) by sending a malformed multi-part upload request. This request causes an unhandled exception, leading to a crash of the process. Users should upgrade to version 2.0.2 to receive a patch. No known workarounds are available.

Severity: 7.5 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

The Power Of The Intl API: A Definitive Guide To Browser-Native Internationalization

This week in AI dev tools: GPT-5, Claude Opus 4.1, and more (August 8, 2025)

Elastic simplifies log analytics for SREs and developers with launch of Log Essentials

OpenAI launches GPT-5

I compared the best headphones from Apple, Sony, Bose, and Sonos: Here’s how the AirPods Max wins

I changed these 6 settings on my iPad to significantly improve its battery life

DistroWatch Weekly, Issue 1134

3 portable power stations I travel everywhere with (and how they differ)

Next.js PWA offline capability with Service Worker, no extra package

Next.js PWA offline capability with Service Worker, no extra package

spatie/laravel-flare

Establishing Consistent Data Foundations with Laravel’s Database Population System

Windows 11 Copilot gets free access to GPT-5 Thinking, reduced rate limits than ChatGPT Free

Windows 11 Copilot gets free access to GPT-5 Thinking, reduced rate limits than ChatGPT Free

Best Architecture AI Rendering Platform: 6 Tools Tested

Microsoft won’t kill off Chromium Edge and PWAs on Windows 10 until October 2028

CVE-2025-54997 – OpenBao Audit Subsystem Privilege Escalation

Researchers Reveal ReVault Attack Targeting Dell ControlVault3 Firmware in 100+ Laptop Models

Researchers Detail Windows EPM Poisoning Exploit Chain Leading to Domain Privilege Escalation

CVE-2025-52557 – Mail-0’s Zero JavaScript Injection Vulnerability

Gameeky – create and explore cooperative games

CVE-2025-6750 – HDF5 Heap-Based Buffer Overflow Vulnerability

CVE-2025-6811 – Mescius ActiveReports.NET TypeResolutionService Deserialization Remote Code Execution Vulnerability

CVE-2025-7338 – Multer DoS Vulnerability

Max-Severity Commvault Bug Alarms Researchers

Microsoft confirms limited Microsoft 365 app support on Windows 10 after October 2025

CVE-2025-28039 – TOTOLINK EX1200T Remote Command Execution Vulnerability

CVE-2025-54997 – OpenBao Audit Subsystem Privilege Escalation

Related Posts