CVE-2025-50200

Severity
6.7 MEDIUM
EPSS
0.0% (top 92.15%)
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jun 19
Latest update: Sep 23

Description

RabbitMQ is a messaging and streaming broker. In versions 3.13.7 and prior, RabbitMQ logs Authorization headers in plaintext, protected only by base64 encoding. When the RabbitMQ HTTP API is queried over HTTP(S) with basic authentication, the node writes a log entry containing every header of the request, including the Authorization header, which carries the base64-encoded username:password. This is trivially decoded and, depending on the credentials, could afterwards be used to gain control of the system. This issue has been patched in version 4.0.8.
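As an added example (not part of this advisory or of the RabbitMQ project), a small Python scanner that flags log lines carrying a Basic Auth header, reports which username was exposed so the credential can be rotated, and redacts the token before the line is retained. The sample log lines and their layout are constructed assumptions; the real RabbitMQ log format may differ, so the pattern is deliberately loose about surrounding text.

```python
"""Scan log lines from a pre-4.0.8 RabbitMQ node for leaked Basic Auth headers."""
import base64
import binascii
import re
from typing import List, Optional, Tuple

# Match "authorization: Basic <base64>" anywhere in a line, case-insensitive.
BASIC_AUTH_RE = re.compile(
    r"(authorization\s*[:=]\s*basic\s+)([A-Za-z0-9+/=]+)", re.IGNORECASE
)


def leaked_username(token: str) -> Optional[str]:
    """Return the username from a base64 'user:password' token, or None if it
    does not decode to that shape. Only the username is returned so the
    password is never handled further."""
    try:
        decoded = base64.b64decode(token, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    user, sep, _password = decoded.partition(":")
    return user if sep else None


def redact_line(line: str) -> str:
    """Replace the credential part of any Basic Auth header with a marker."""
    return BASIC_AUTH_RE.sub(lambda m: m.group(1) + "[REDACTED]", line)


def scan_log(lines: List[str]) -> List[Tuple[int, str]]:
    """Return (line_number, username) for every line exposing Basic Auth credentials."""
    findings = []
    for number, line in enumerate(lines, start=1):
        for match in BASIC_AUTH_RE.finditer(line):
            user = leaked_username(match.group(2))
            if user is not None:
                findings.append((number, user))
    return findings


# Constructed sample lines (not real RabbitMQ output); the token encodes "alice:s3cret".
SAMPLE_LOG = [
    "2025-06-19 10:00:01.000 [debug] <0.1.0> HTTP request: GET /api/overview",
    "2025-06-19 10:00:01.001 [debug] <0.1.0> headers: host: rabbit:15672, authorization: Basic YWxpY2U6czNjcmV0",
    "2025-06-19 10:00:02.000 [info] <0.2.0> accepting AMQP connection 10.0.0.5:41234",
]

if __name__ == "__main__":
    for lineno, user in scan_log(SAMPLE_LOG):
        print(f"line {lineno}: Basic Auth credentials for user '{user}' exposed; rotate them")
    for line in SAMPLE_LOG:
        print(redact_line(line))
```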

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Packages (3 packages)

Debian: rabbitmq-server < 4.0.5-6+deb13u2+1
CVEListV5: rabbitmq/rabbitmq-server 3.13.7

Vulnerability Details

OSV
CVE-2025-50200: RabbitMQ is a messaging and streaming broker (2025-06-19)
CVEList
RabbitMQ Node can log Basic Auth header from an HTTP request (2025-06-19)

Vendor Advisories

Ubuntu
RabbitMQ Server vulnerability (2025-09-23)
Red Hat
rabbitmq-server: RabbitMQ Node can log Basic Auth header from an HTTP request (2025-06-19)
Microsoft
RabbitMQ Node can log Basic Auth header from an HTTP request (2025-06-10)
Debian
CVE-2025-50200: rabbitmq-server - RabbitMQ is a messaging and streaming broker. In versions 3.13.7 and prior, Rabb... (2025)