PT-2025-26866 · Openbao · Openbao

Cipherboy · Published 2025-06-25 · Updated 2025-08-12 · CVE-2025-52894

CVSS v3.1: 7.5 (High) · Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: OpenBao versions prior to 2.3.0

Description: OpenBao is a software solution for managing, storing, and distributing sensitive data, including secrets, certificates, and keys. The issue allows an attacker to perform unauthenticated, unaudited cancellation of root rekey and recovery rekey operations, resulting in a denial of service.

Recommendations: For OpenBao versions prior to 2.3.0, manually set the listener configuration option `disable_unauthed_rekey_endpoints=true` to deny these endpoints on global listeners. As a temporary workaround, if an active proxy or load balancer sits in front of OpenBao, consider denying requests to these endpoints from unauthorized IP ranges. Update to version 2.3.0 or later, where the issue is resolved.

Exploit

Fix

DoS

Missing Authentication

RCE


Weakness Enumeration

Related identifiers

CVE-2025-52894
GHSA-PRPJ-RCHP-9J5H
GO-2025-3783
OPENSUSE-SU-2025:15254-1
OPENSUSE-SU-2025:15405-1

Affected products

Openbao