CVE-2025-67745

Summary

MyHoard is a daemon for creating, managing and restoring MySQL backups. Starting in version 1.0.1 and prior to version 1.3.0, in some cases, myhoard logs the whole backup info, including the encryption key. Version 1.3.0 fixes the issue. As a workaround, direct logs into /dev/null.

Affected Software

VendorProductVersion RangeStatus
Aiven-Openmyhoard>= 1.0.1, < 1.3.0affected

Weaknesses

  • CWE-402: CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References