CVE-2025-48374

CVSS v4.0

6.9

Medium

Vector

AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions zot versions prior to 2.1.3

Description The issue concerns the exposure of the Keycloak client secret in the container stdout logs at startup when using Keycloak as an OIDC provider. This occurs due to a flaw in handling sensitive information.

Recommendations For versions prior to 2.1.3, update to version 2.1.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the container logs to minimize the risk of exploitation.

Exploit

Fix

Insertion into Log File

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-532

Related Identifiers

CVE-2025-48374

GHSA-C37V-3C8W-CRQ8

GO-2025-3705

OPENSUSE-SU-2025:15179-1

Affected Products

Keycloak

Zot

CVE-2025-48374

Weakness Enumeration

Related Identifiers

Affected Products

References · 17