CVE-2022-0725

HIGH

KeePass - Information Exposure via Plain Text Password Logging

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2022-0725. PoCs published by ByteHackr, bytehackr.

AI-analyzed exploit summary: This repository provides a proof-of-concept for CVE-2022-0725, an information exposure vulnerability in KeePass 2.48. The vulnerability allows plaintext passwords to be logged in system logs when using the clear timeout feature.

Description

A flaw was found in KeePass. The vulnerability occurs because plain text passwords are logged in the system log, which leads to an information exposure vulnerability. This flaw allows an attacker to interact with and read sensitive passwords and logs.

Exploits (2)

nomisec WRITEUP 4 stars
by ByteHackr · poc
https://github.com/ByteHackr/keepass_poc

This repository provides a proof-of-concept for CVE-2022-0725, an information exposure vulnerability in KeePass 2.48. The vulnerability allows plaintext passwords to be logged in system logs when using the clear timeout feature.

Classification: Writeup 100%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: KeePass 2.48
No auth needed
Prerequisites: KeePass 2.48 installed · Access to system logs
devstral-2 · analyzed Feb 16, 2026

gitlab WORKING POC
by bytehackr · poc
https://gitlab.com/bytehackr/keepass_poc

This PoC demonstrates an information exposure vulnerability in KeePass 2.48 where plaintext passwords are logged in system logs when using the auto-type feature. The steps involve monitoring logs while triggering the clear timeout mechanism.

Classification: Working PoC 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: KeePass 2.48
Auth required
Prerequisites: Access to the system running KeePass · Ability to monitor system logs (e.g., journalctl)
devstral-2 · analyzed Feb 23, 2026

References (1)

Core References
Issue Tracking, Third Party Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=2052696

Scores

CVSS v3 7.5
EPSS 0.0241
EPSS Percentile 82.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE: CWE-200, CWE-532
Status published
Products (3)
fedoraproject/extra_packages_for_enterprise_linux 7.0
fedoraproject/fedora 35
keepass/keepass 2.48
Published Mar 10, 2022
Tracked Since Feb 18, 2026