{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-67745","assignerOrgId":"a0819718-46f1-4df5-94e2-005712e83aaa","state":"PUBLISHED","assignerShortName":"GitHub_M","dateReserved":"2025-12-11T18:08:02.946Z","datePublished":"2025-12-18T18:37:50.466Z","dateUpdated":"2025-12-18T19:00:17.983Z"},"containers":{"cna":{"title":"Myhoard logs backup encryption key in plain text","problemTypes":[{"descriptions":[{"cweId":"CWE-402","lang":"en","description":"CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak')","type":"CWE"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":7.1,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"LOW","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N","version":"3.1"}}],"references":[{"name":"https://github.com/Aiven-Open/myhoard/security/advisories/GHSA-v42r-6hr9-4hcr","tags":["x_refsource_CONFIRM"],"url":"https://github.com/Aiven-Open/myhoard/security/advisories/GHSA-v42r-6hr9-4hcr"},{"name":"https://github.com/Aiven-Open/myhoard/commit/fac89793bfc8c81ae040aadf5292f5d0100b6640","tags":["x_refsource_MISC"],"url":"https://github.com/Aiven-Open/myhoard/commit/fac89793bfc8c81ae040aadf5292f5d0100b6640"}],"affected":[{"vendor":"Aiven-Open","product":"myhoard","versions":[{"version":">= 1.0.1, < 1.3.0","status":"affected"}]}],"providerMetadata":{"orgId":"a0819718-46f1-4df5-94e2-005712e83aaa","shortName":"GitHub_M","dateUpdated":"2025-12-18T18:37:50.466Z"},"descriptions":[{"lang":"en","value":"MyHoard is a daemon for creating, managing and restoring MySQL backups. Starting in version 1.0.1 and prior to version 1.3.0, in some cases, myhoard logs the whole backup info, including the encryption key. Version 1.3.0 fixes the issue. As a workaround, direct logs into /dev/null."}],"source":{"advisory":"GHSA-v42r-6hr9-4hcr","discovery":"UNKNOWN"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-12-18T18:59:53.343079Z","id":"CVE-2025-67745","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-12-18T19:00:17.983Z"}}]}}