CVE-2025-67745

HIGH

MyHoard 1.0.1-1.2.9 - Sensitive Data Exposure via Backup Log

Title source: llm
STIX 2.1

Description

MyHoard is a daemon for creating, managing and restoring MySQL backups. Starting in version 1.0.1 and prior to version 1.3.0, in some cases, myhoard logs the whole backup info, including the encryption key. Version 1.3.0 fixes the issue. As a workaround, direct logs into /dev/null.

Scores

CVSS v3 7.1
EPSS 0.0014
EPSS Percentile 3.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-402
Status published
Products (1)
aiven/myhoard 1.0.1 - 1.3.0
Published Dec 18, 2025
Tracked Since Feb 18, 2026