CVE-2025-52490

HIGH

Couchbase Sync Gateway < 3.2.6 - Cleartext Transmission of Sensitive Information in Log Files

Title source: llm

Description

An issue was discovered in Couchbase Sync Gateway before 3.2.6. In sgcollect_info_options.log and sync_gateway.log, there are cleartext passwords in redacted and unredacted output.

References (3)

Core 3

Core References

Release Notes

https://docs.couchbase.com/server/current/release-notes/relnotes.html

Vendor Advisory

https://forums.couchbase.com/tags/security

Vendor Advisory

https://www.couchbase.com/alerts/

Scores

CVSS v3 7.3

EPSS 0.0017

EPSS Percentile 6.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-319

Status published

Products (2)

couchbase/sync_gateway < 3.2.6

couchbase/sync_gateway 0 - 3.2.6Go

Published Jul 29, 2025

Tracked Since Feb 18, 2026