CVE-2025-62232
published 2025-10-31CVE-2025-62232: Sensitive data exposure via logging in basic-auth leads to plaintext usernames and passwords written to error logs and forwarded to log sinks when log level is…
high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
Sensitive data exposure via logging in basic-auth leads to plaintext usernames and passwords written to error logs and forwarded to log sinks when log level is INFO/DEBUG. This creates a high risk of credential compromise through log access.
It has been fixed in the following commit: https://github.com/apache/apisix/pull/12629
Users are recommended to upgrade to version 3.14, which fixes this issue.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | apisix | >= 1.0 < 3.14.0 | 3.14.0 |
| apache_software_foundation | apache_apisix | >= 1.0 < 3.14 | 3.14 |