How severe is CVE-2025-24355?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.1 out of 10.

What type of vulnerability is CVE-2025-24355?

This is classified as CWE-359, which is a common weakness in software security.

CVE-2025-24355 - HIGH Severity | CVSS 7.1

Vulnerability Description

Updatecli is a tool used to apply file update strategies. Prior to version 0.93.0, private maven repository credentials may be leaked in application logs in case of unsuccessful retrieval operation. During the execution of an updatecli pipeline which contains a `maven` source configured with basic auth credentials, the credentials are being leaked in the application execution logs in case of failure. Credentials are properly sanitized when the operation is successful but not when for whatever reason there is a failure in the maven repository, e.g. wrong coordinates provided, not existing artifact or version. Version 0.93.0 contains a patch for the issue.

Related Vulnerabilities

CVE-2023-2239

HIGH

CVSS:7.1(High)

Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository microweber/microweber prior to 1.3.4.

CWE-3592023

CVE-2021-36723

HIGH

CVSS:7.5(High)

Emuse - eServices / eNvoice Exposure Of Private Personal Information due to lack of identification mechanisms and predictable IDs an attacker can scrape all the files on the service.

CWE-3592021

CVE-2022-36091

HIGH

CVSS:7.5(High)

XWiki Platform Web Templates are templates for XWiki Platform, a generic wiki platform. Through the suggestion feature, string and list properties of objects the user shouldn't have access to can be a...

CWE-3592022

CVE-2022-41936

HIGH

CVSS:7.5(High)

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The `modifications` rest endpoint does not filter out entries according to the user's rights. T...

CWE-3592022

CVE-2023-2703

HIGH

CVSS:7.5(High)

Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Finex Media Competition Management System allows Retrieve Embedded Sensitive Data, Collect Data as Provided by Users....

CWE-3592023

CVE-2023-35151

HIGH

CVSS:7.5(High)

XWiki Platform is a generic wiki platform. Starting in version 7.3-milestone-1 and prior to versions 14.4.8, 14.10.6, and 15.1, ny user can call a REST endpoint and obtain the obfuscated passwords, ev...

CWE-3592023