kayx23 commented on code in PR #1971:
URL: https://github.com/apache/apisix-website/pull/1971#discussion_r2480463842


##########
blog/en/blog/2025/10/31/cve-2025-62232.md:
##########
@@ -0,0 +1,35 @@
+---
+title: "Insertion of Sensitive Information into Log File (CVE-2025-62232)"
+keywords:
+- Vulnerability
+description: Sensitive data exposure via logging in basic-auth leads to 
plaintext usernames and passwords written to error logs and forwarded to log 
sinks when log level is INFO/DEBUG. This creates a high risk of credential 
compromise through log access.
+tags: [Vulnerabilities]
+image: https://static.api7.ai/uploads/2025/10/31/Y5eZJgtV_CVE-2025-62232.png
+---
+
+> For APISIX versions 1.0 and later, logging in basic-auth leads to plaintext 
usernames and passwords written to error logs.
+<!--truncate-->
+
+## Problem Description
+
+Sensitive data exposure via logging in `basic-auth` leads to plaintext 
usernames and passwords written to error logs and forwarded to log sinks when 
log level is INFO/DEBUG. This creates a high risk of credential compromise 
through log access.
+
+## Affected Versions
+
+This issue affects Apache APISIX versions: 1.0 onwards all versions upto 3.14.
+
+## Solution
+
+Users are recommended to upgrade to version 3.14, which fixes this issue.
+
+## Vulnerability details
+
+Severity: Moderate
+
+Vulnerability public date: October 30, 2025
+
+CVE details: https://nvd.nist.gov/vuln/detail/CVE-2025-62232
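
Review bot: The "Affected Versions" and "Solution" sections disagree about 3.14. The first reads "1.0 onwards all versions upto 3.14", which can be taken to include 3.14, while the second says 3.14 "fixes this issue". If 3.14 is the fixed release, state the range with an explicit exclusive bound, for example "from 1.0 up to, but not including, 3.14", so that operators already on 3.14 can tell whether they are affected.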

Review Comment:
   <img width="1158" height="207" alt="Image" src="https://github.com/user-attachments/assets/86031f82-df30-47e4-a935-d69456d2705e" />



##########
blog/en/blog/2025/10/31/cve-2025-62232.md:
##########
@@ -0,0 +1,35 @@
+---
+title: "Insertion of Sensitive Information into Log File (CVE-2025-62232)"
+keywords:
+- Vulnerability
+description: Sensitive data exposure via logging in basic-auth leads to 
plaintext usernames and passwords written to error logs and forwarded to log 
sinks when log level is INFO/DEBUG. This creates a high risk of credential 
compromise through log access.
+tags: [Vulnerabilities]
+image: https://static.api7.ai/uploads/2025/10/31/Y5eZJgtV_CVE-2025-62232.png
+---
+
+> For APISIX versions 1.0 and later, logging in basic-auth leads to plaintext 
usernames and passwords written to error logs.
+<!--truncate-->
+
+## Problem Description
+
+Sensitive data exposure via logging in `basic-auth` leads to plaintext 
usernames and passwords written to error logs and forwarded to log sinks when 
log level is INFO/DEBUG. This creates a high risk of credential compromise 
through log access.
+
+## Affected Versions
+
+This issue affects Apache APISIX versions: 1.0 onwards all versions upto 3.14.
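
Review bot: The blockquote summary above `<!--truncate-->` says "For APISIX versions 1.0 and later" with no upper bound and no log-level condition, whereas "Affected Versions" stops at 3.14 and "Problem Description" limits the exposure to the INFO/DEBUG log level. A reader who sees only the summary would conclude that every release at every log level is affected. Suggest carrying the same version range and the INFO/DEBUG condition into the summary line.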

Review Comment:
   ```suggestion
   This issue affects all Apache APISIX versions starting from 1.0 through 3.14.
   ```



##########
blog/en/blog/2025/10/31/cve-2025-62232.md:
##########
@@ -0,0 +1,35 @@
+---
+title: "Insertion of Sensitive Information into Log File (CVE-2025-62232)"
+keywords:
+- Vulnerability
+description: Sensitive data exposure via logging in basic-auth leads to 
plaintext usernames and passwords written to error logs and forwarded to log 
sinks when log level is INFO/DEBUG. This creates a high risk of credential 
compromise through log access.
+tags: [Vulnerabilities]
+image: https://static.api7.ai/uploads/2025/10/31/Y5eZJgtV_CVE-2025-62232.png
+---
+
+> For APISIX versions 1.0 and later, logging in basic-auth leads to plaintext 
usernames and passwords written to error logs.
+<!--truncate-->
+
+## Problem Description
+
+Sensitive data exposure via logging in `basic-auth` leads to plaintext 
usernames and passwords written to error logs and forwarded to log sinks when 
log level is INFO/DEBUG. This creates a high risk of credential compromise 
through log access.
+
+## Affected Versions
+
+This issue affects Apache APISIX versions: 1.0 onwards all versions upto 3.14.
+
+## Solution
+
+Users are recommended to upgrade to version 3.14, which fixes this issue.
+
+## Vulnerability details
+
+Severity: Moderate
+
+Vulnerability public date: October 30, 2025
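
Review bot: The "Solution" section offers only the upgrade and says nothing to operators who cannot upgrade immediately or who have already run at INFO/DEBUG. Because "Problem Description" ties the exposure to the INFO/DEBUG log level, consider adding, if accurate for the affected code, that running at a less verbose log level avoids the condition in the meantime. It would also help to advise that `basic-auth` credentials which may already have been written to error logs or forwarded to log sinks be rotated, and that access to those logs be reviewed.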

Review Comment:
   ```suggestion
   Vulnerability publication date: October 30, 2025
   ```



##########
blog/en/blog/2025/10/31/cve-2025-62232.md:
##########
@@ -0,0 +1,35 @@
+---
+title: "Insertion of Sensitive Information into Log File (CVE-2025-62232)"
+keywords:
+- Vulnerability
+description: Sensitive data exposure via logging in basic-auth leads to 
plaintext usernames and passwords written to error logs and forwarded to log 
sinks when log level is INFO/DEBUG. This creates a high risk of credential 
compromise through log access.
+tags: [Vulnerabilities]
+image: https://static.api7.ai/uploads/2025/10/31/Y5eZJgtV_CVE-2025-62232.png
+---
+
+> For APISIX versions 1.0 and later, logging in basic-auth leads to plaintext 
usernames and passwords written to error logs.
+<!--truncate-->
+
+## Problem Description
+
+Sensitive data exposure via logging in `basic-auth` leads to plaintext 
usernames and passwords written to error logs and forwarded to log sinks when 
log level is INFO/DEBUG. This creates a high risk of credential compromise 
through log access.
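
Review bot: The "Problem Description" paragraph repeats the front-matter `description` word for word, so the body adds no detail beyond the metadata. Suggest keeping `description` as a one-line summary and using the body to say what an operator needs in order to judge exposure: which requests cause the credentials to be logged, and whether a deployment that has not changed its log level is affected.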

Review Comment:
   ```suggestion
   Sensitive data exposure in `basic-auth` causes plaintext usernames and 
passwords to be written to error logs and forwarded to log sinks when the log 
level is set to INFO/DEBUG. This poses a high risk of credential compromise 
through log access.
   ```


