๐Ÿ›ก๏ธ CVE-2025-64761
๐ŸŸ  CVSS 8.0 โ€” High โœ… No Known Exploit CWE-266 NVD
8.0
CVSS Score
0 Low4 Medium7 High9 Critical10

Description

OpenBao is an open source identity-based secrets management system. Prior to version 2.4.4, a privileged operator could use the identity group subsystem to add a root policy to a group identity group, escalating their or another user's permissions in the system. Specifically this is an issue when: an operator in the root namespace has access to identity/groups endpoints and an operator does not have policy access. Otherwise, an operator with policy access could create or modify an existing policy to grant root-equivalent permissions through the sudo capability. This issue has been patched in version 2.4.4.

Details

Severity HIGH
CVSS Score 8.0
CVSS Vector CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE CWE-266
Public Exploit โœ… No
Source NVD
Published 2025-11-24
Updated 2026-06-15
Modified 2025-11-27

Affected Packages

Software From version Fixed in
github.com/openbao/openbao โ€” โ€”
openbao โ€” 2.4.4

Similar Threats

Vulnerability Monitoring

Stay informed about vulnerabilities in your stack

BotEraser monitors your WordPress installation and notifies you when software you use appears in our vulnerability database.

Set Up Free Alerts โ†’

No credit card required  ยท  Results in minutes

ⓘ Data Notice: The information presented above has been compiled from publicly available internet sources. Boteraser aggregates this data solely for informational purposes and does not independently classify, evaluate, or endorse any findings about the vulnerabilities listed. The accuracy and completeness of this information is the sole responsibility of the original publishers. Boteraser and its operators accept no liability for any decisions made based on this data.