CVE-2025-67745

Description

MyHoard is a daemon for creating, managing and restoring MySQL backups. Starting in version 1.0.1 and prior to version 1.3.0, in some cases, myhoard logs the whole backup info, including the encryption key. Version 1.3.0 fixes the issue. As a workaround, direct logs into /dev/null.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

Low

Availability

None

Affected products

Aiven-Open / myhoard>= 1.0.1, < 1.3.0 – >= 1.0.1, < 1.3.0

References

VENDOR_ADVISORYhttps://github.com/Aiven-Open/myhoard/security/advisories/GHSA-v42r-6hr9-4hcr
PATCHhttps://github.com/Aiven-Open/myhoard/commit/fac89793bfc8c81ae040aadf5292f5d0100b6640