CVE-2025-67745 HIGH

CVE-2025-67745: Myhoard logs backup encryption key in plain text

Vendor Aiven-Open
Product myhoard
Weakness CWE-402
Published December 18, 2025
Last update December 18, 2025

CVSS base score

7.1/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

What the vulnerability does

01Description

MyHoard is a daemon for creating, managing and restoring MySQL backups. Starting in version 1.0.1 and prior to version 1.3.0, in some cases, myhoard logs the whole backup info, including the encryption key. Version 1.3.0 fixes the issue. As a workaround, direct logs into /dev/null.

Key dates

02Disclosure timeline

December 18, 2025 CVE published
December 18, 2025 Record updated