PT-2025-12666 · Kanidm-Provision, Kanidm

Published: 2025-03-24 · Updated: 2025-03-24

CVE-2025-30205

CVSS v3.1: 7.6 (High)

Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:N
Name of the Vulnerable Software and Affected Versions

kanidm-provision versions prior to 1.2.0

Description

The issue stems from faulty function instrumentation in the optional kanidm patches shipped with kanidm-provision, which causes the provisioned admin credentials to be written to the system log. Only users who apply the provided patches and provision the credentials of the admin or idm_admin account are affected. No other credentials are logged.

Recommendations

For versions prior to 1.2.0, rebuild kanidm with the patchset from kanidm-provision tag v1.2.0 or later. As a temporary workaround, set the kanidm log level (KANIDM_LOG_LEVEL) to any level above info, for example warn, which stops the offending line from being emitted. Both the fix and the workaround only prevent future writes: any credential that has already reached the log (including copies shipped to a central log store) should be treated as exposed and rotated, and the affected log entries purged.
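The practical question for an operator is whether the provisioned credential has already been written to the log, and what the KANIDM_LOG_LEVEL workaround actually suppresses. The script below is an added example, not code from kanidm-provision or kanidm: it scans constructed, made-up log lines (not real kanidmd output; the function name set_password in the sample is invented) for a provisioned secret, and applies a minimum-level filter to show that the workaround hides the INFO-level line but does nothing about lines already written.

```shell
#!/bin/sh
# Added example (not kanidm-provision's own code): check whether a provisioned
# credential appears in kanidmd's log, and model what the KANIDM_LOG_LEVEL
# workaround changes. The log lines are CONSTRUCTED to mimic the bug class
# (an instrumented function echoing its password argument at INFO); they are
# not real kanidmd output and the function names in them are invented.

SECRET='Hunter2-Example'   # the provisioned admin password (constructed)

SAMPLE_LOG='2025-03-24T10:00:01Z INFO kanidmd: provision: apply_group{name="idm_admins"}: done
2025-03-24T10:00:02Z INFO kanidmd: provision: set_password{name="admin" password="Hunter2-Example"}: ok
2025-03-24T10:00:03Z WARN kanidmd: provision: reload requested'

# Map a level name to a rank so levels can be compared the way a minimum
# log level filter would (anything below the configured level is dropped).
level_rank() {
    case "$1" in
        trace|TRACE) echo 0 ;;
        debug|DEBUG) echo 1 ;;
        info|INFO)   echo 2 ;;
        warn|WARN)   echo 3 ;;
        error|ERROR) echo 4 ;;
        *)           echo 99 ;;   # unknown level: never filtered out
    esac
}

# filter_min_level LEVEL LOGTEXT: print only lines whose level (second
# whitespace-separated field) is at or above LEVEL. This models the effect of
# KANIDM_LOG_LEVEL=warn on new output; it cannot remove lines already written.
filter_min_level() {
    min=$(level_rank "$1")
    printf '%s\n' "$2" | while IFS= read -r line; do
        lvl=$(printf '%s\n' "$line" | awk '{print $2}')
        if [ "$(level_rank "$lvl")" -ge "$min" ]; then
            printf '%s\n' "$line"
        fi
    done
}

# leaked_in_log SECRET LOGTEXT: print every line containing the secret and
# return 0 if there is at least one, 1 otherwise. grep -F matches the password
# literally, so regex metacharacters in it can neither widen nor break the search.
leaked_in_log() {
    printf '%s\n' "$2" | grep -F -- "$1"
}

# Demonstration: the unfiltered log contains the secret; once INFO lines are
# suppressed (the workaround) the offending line is no longer emitted.
if leaked_in_log "$SECRET" "$SAMPLE_LOG" >/dev/null; then
    echo "provisioned credential found in log: rotate it and purge the entries"
fi
filtered=$(filter_min_level warn "$SAMPLE_LOG")
if leaked_in_log "$SECRET" "$filtered" >/dev/null; then
    echo "still present at warn"
else
    echo "not present once INFO lines are suppressed"
fi
```

On a real host, feed the service's journal into the same check, for example `journalctl -u kanidmd --no-pager | grep -F -- "$SECRET"` (the unit name is an assumption; use whatever your deployment calls it). A match means the credential has to be rotated regardless of which fix you apply, and the check should be repeated against any central log store the journal is shipped to.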


Weakness Enumeration

Insertion of Sensitive Information into Log File (CWE-532)

Related Identifiers

CVE-2025-30205
GHSA-57FC-PCQM-53RP

Affected Products

Kanidm
Kanidm-Provision