CVE-2025-52490

HIGH

Couchbase Sync Gateway < 3.2.6 - Cleartext Transmission

Title source: rule

Description

An issue was discovered in Couchbase Sync Gateway before 3.2.6. In sgcollect_info_options.log and sync_gateway.log, there are cleartext passwords in redacted and unredacted output.

References (3)

[Release Notes] https://docs.couchbase.com/server/current/release-notes/relnotes.html

[Vendor Advisory] https://forums.couchbase.com/tags/security

[Vendor Advisory] https://www.couchbase.com/alerts/

Scores

CVSS v3 7.3

EPSS 0.0008

EPSS Percentile 23.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-319

Status published

Products (1)

couchbase/sync_gateway < 3.2.6

Published Jul 29, 2025

Tracked Since Feb 18, 2026