CVE-2025-50200 MEDIUM

CVE-2025-50200: RabbitMQ Node can log Basic Auth header from an HTTP request

Vendor Rabbitmq
Product rabbitmq-server
Weakness CWE-532 · Sensitive info in logs
Published June 19, 2025
Last update June 20, 2025

CVSS base score

6.7/10
Attack vector Local
Attack complexity Low
Privileges required High
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01 Description

RabbitMQ is a messaging and streaming broker. In versions 3.13.7 and prior, RabbitMQ logs Authorization headers in plaintext, encoded only in base64. When the RabbitMQ API is queried over HTTP(S) with basic authentication, the node creates log entries containing all headers of the request, including the Authorization header, which shows the base64-encoded username:password. This is easy to decode and could afterwards be used to obtain control of the system, depending on the credentials. This issue has been patched in version 4.0.8.
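To find out which accounts need their passwords rotated after upgrading, existing log files can be scanned for Basic credentials and redacted. The following is an added example, not code from RabbitMQ or from this record; the function names and the sample log lines are constructed, and the log layout is an assumption rather than the actual RabbitMQ log format.

```python
import base64
import binascii
import re

# "authorization", up to 20 separator characters, then "Basic <base64 token>".
BASIC_RE = re.compile(
    r"(?i)\bauthorization\b[^A-Za-z0-9]{1,20}basic\s+([A-Za-z0-9+/]+={0,2})")


def decode_basic(token):
    """Return (user, password) if token is base64 of 'user:password', else None."""
    try:
        text = base64.b64decode(token, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    user, sep, password = text.partition(":")
    return (user, password) if sep else None


def scan(lines):
    """Return (line_no, username, redacted_line) for each exposed credential."""
    findings = []
    for no, line in enumerate(lines, 1):
        for m in BASIC_RE.finditer(line):
            creds = decode_basic(m.group(1))
            if creds is None:
                continue  # token is not a decodable user:password pair
            redacted = line.replace(m.group(1), "[REDACTED]")
            findings.append((no, creds[0], redacted))
    return findings


def _tok(userpass):
    """Build a Basic token for the constructed samples below."""
    return base64.b64encode(userpass.encode()).decode()


# Constructed sample lines; the layout is an assumption, not real RabbitMQ output.
SAMPLE_LOG = [
    "2025-06-19 10:00:01 [debug] GET /api/overview headers: "
    f"Authorization: Basic {_tok('guest:guest')}, Host: localhost:15672",
    "2025-06-19 10:00:02 [info] GET /api/queues 200",
    f'2025-06-19 10:00:03 [debug] #{{<<"authorization">> => <<"Basic {_tok("monitor:s3cret")}">>}}',
    "2025-06-19 10:00:04 [debug] Authorization: Basic abc",
]

if __name__ == "__main__":
    for no, user, redacted in scan(SAMPLE_LOG):
        print(f"line {no}: rotate password for {user!r}\n  {redacted}")
```

Only the username is reported; the password is decoded solely to confirm the token is a real credential and is never printed.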

Key dates

02 Disclosure timeline

June 19, 2025 CVE published
June 20, 2025 Record updated