CVE-2022-0725

HIGH

KeePass - Info Disclosure

Description

A flaw was found in KeePass. The vulnerability occurs because plain-text passwords are written to the system log, which leads to an Information Exposure vulnerability. This flaw allows an attacker to interact with and read sensitive passwords and logs.

Exploits (2)

nomisec WRITEUP 4 stars
by ByteHackr · poc
https://github.com/ByteHackr/keepass_poc
gitlab WORKING POC
by bytehackr · poc
https://gitlab.com/bytehackr/keepass_poc

Scores

CVSS v3 7.5
EPSS 0.0114
EPSS Percentile 78.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-532 CWE-200
Status published
Products (3)
fedoraproject/extra_packages_for_enterprise_linux 7.0
fedoraproject/fedora 35
keepass/keepass 2.48
Published Mar 10, 2022
Tracked Since Feb 18, 2026