CVE-2025-67745
HIGHMyHoard 1.0.1-1.2.9 - Sensitive Data Exposure via Backup Log
Title source: llmDescription
MyHoard is a daemon for creating, managing and restoring MySQL backups. Starting in version 1.0.1 and prior to version 1.3.0, in some cases, myhoard logs the whole backup info, including the encryption key. Version 1.3.0 fixes the issue. As a workaround, direct logs into /dev/null.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
https://github.com/Aiven-Open/myhoard/security/advisories/GHSA-v42r-6hr9-4hcr
Scores
CVSS v3
7.1
EPSS
0.0014
EPSS Percentile
3.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-402
Status
published
Products (1)
aiven/myhoard
1.0.1 - 1.3.0
Published
Dec 18, 2025
Tracked Since
Feb 18, 2026