PT-2025-42622 · Openbao +1

Published: 2025-10-17 · Updated: 2026-02-09 · CVE-2025-59043

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: OpenBao versions prior to 2.4.1

Description: OpenBao is an open source identity-based secrets management system. Versions prior to 2.4.1 are susceptible to a denial of service condition. Specifically, crafted JSON payloads can cause excessive memory usage during decoding, potentially far exceeding the max request size configuration parameter, which bounds only the serialized body. This can lead to an out-of-memory crash, even for unauthenticated attackers. Additionally, requests containing a large number of strings can cause high CPU consumption within the audit subsystem. The issue stems from a significant difference between the memory used by serialized and deserialized JSON objects, with exploitation (amplification) factors reaching approximately 35.

Recommendations: Update to OpenBao version 2.4.1 or later.
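As an added illustration (not OpenBao's own code, and not the fix shipped in 2.4.1), the following Go program shows the kind of guard that addresses the gap the description points at: a byte-size cap bounds the serialized request, but the decoded object graph can need many times more memory, so the guard streams the token sequence first and rejects a body whose token count or nesting depth exceeds a budget before anything is materialized. The DecodeBudget type, its limit values and the sample bodies are assumptions constructed for this example.

```go
package main

import (
	"bytes"
	"encoding/json"
	"errors"
	"fmt"
	"io"
	"strings"
)

// ErrDecodeBudget is returned when a body would exceed the decoded-form budget.
var ErrDecodeBudget = errors.New("json payload exceeds decode budget")

// DecodeBudget limits the decoded shape of a request body independently of its
// byte length. Hypothetical guard written for this example, not OpenBao's code.
type DecodeBudget struct {
	MaxBytes  int64 // serialized size cap, in the spirit of a max request size setting
	MaxTokens int   // total JSON values and delimiters allowed
	MaxDepth  int   // maximum nesting of arrays/objects
}

// Stats records what the streaming pass observed before it stopped.
type Stats struct {
	Tokens   int
	MaxDepth int
}

// scan walks the JSON token stream without building the object graph and
// stops as soon as a limit is crossed, so rejected bodies never get decoded.
func (b DecodeBudget) scan(r io.Reader) (Stats, error) {
	var st Stats
	dec := json.NewDecoder(r)
	depth := 0
	for {
		tok, err := dec.Token()
		if err == io.EOF {
			return st, nil
		}
		if err != nil {
			return st, err
		}
		st.Tokens++
		if st.Tokens > b.MaxTokens {
			return st, ErrDecodeBudget
		}
		if d, ok := tok.(json.Delim); ok {
			switch d {
			case '[', '{':
				depth++
				if depth > st.MaxDepth {
					st.MaxDepth = depth
				}
				if depth > b.MaxDepth {
					return st, ErrDecodeBudget
				}
			case ']', '}':
				depth--
			}
		}
	}
}

// Decode reads at most MaxBytes from r, checks the decoded shape against the
// budget, and only then unmarshals into v.
func (b DecodeBudget) Decode(r io.Reader, v any) (Stats, error) {
	body, err := io.ReadAll(io.LimitReader(r, b.MaxBytes+1))
	if err != nil {
		return Stats{}, err
	}
	if int64(len(body)) > b.MaxBytes {
		return Stats{}, ErrDecodeBudget
	}
	st, err := b.scan(bytes.NewReader(body))
	if err != nil {
		return st, err
	}
	return st, json.Unmarshal(body, v)
}

func main() {
	budget := DecodeBudget{MaxBytes: 1 << 20, MaxTokens: 1000, MaxDepth: 32}
	var out any

	// Constructed sample: an ordinary secret write body (12 tokens, depth 2).
	normal := `{"data":{"password":"hunter2"},"options":{"cas":0}}`
	st, err := budget.Decode(strings.NewReader(normal), &out)
	fmt.Println("normal body:", st, err)

	// Constructed sample: ~10 KB on the wire, but thousands of decoded values;
	// the byte cap alone would accept it, the token budget rejects it early.
	dense := "[" + strings.TrimSuffix(strings.Repeat("0,", 5000), ",") + "]"
	st, err = budget.Decode(strings.NewReader(dense), &out)
	fmt.Println("dense array:", st, err)
}
```

The two limits complement each other: the byte cap is what the affected versions already enforced, while the token and depth budget bounds the decoded form, which is where the roughly 35x amplification the advisory describes shows up. A production guard would tune MaxTokens to the largest legitimate secret payload the deployment expects.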

Tags: Exploit · Fix · DoS · Resource Exhaustion


Weakness Enumeration

Related Identifiers

CVE-2025-59043
GHSA-G46H-2RQ9-GW5M
GO-2025-4039
OPENSUSE-SU-2025:15710-1

Affected Products

Openbao
Red Os