CVE-2025-8864

Summary

Shared Access Signature token is not masked in the backup configuration response and is also exposed in the yb_backup logs

Affected Software

VendorProductVersion RangeStatus
YugabyteDB IncYugabyteDB Anywhere2.20.0.0 < 2.20.7.0unaffected
YugabyteDB IncYugabyteDB Anywhere2.23.0.0 < 2.23.1.0affected
YugabyteDB IncYugabyteDB Anywhere2024.1.0.0 < 2024.1.3.0affected

Weaknesses

  • CWE-532: CWE-532 Insertion of Sensitive Information into Log File

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References