openbao-2.2.2-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2025:15186-1 Final 1 1 2025-05-31T00:00:00Z current 2025-05-31T00:00:00Z 2025-05-31T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z openbao-2.2.2-1.1 on GA media These are all security issues fixed in the openbao-2.2.2-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2025-15186 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2WTWIK3Y7MJO72SFX7HD2C7EXIMLTHTW/ E-Mail link for openSUSE-SU-2025:15186-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2025-4166/ SUSE CVE CVE-2025-4166 page openSUSE Tumbleweed openbao-2.2.2-1.1 openbao-agent-2.2.2-1.1 openbao-cassandra-database-plugin-2.2.2-1.1 openbao-influxdb-database-plugin-2.2.2-1.1 openbao-mysql-database-plugin-2.2.2-1.1 openbao-mysql-legacy-database-plugin-2.2.2-1.1 openbao-postgresql-database-plugin-2.2.2-1.1 openbao-server-2.2.2-1.1 openbao-2.2.2-1.1 as a component of openSUSE Tumbleweed openbao-agent-2.2.2-1.1 as a component of openSUSE Tumbleweed openbao-cassandra-database-plugin-2.2.2-1.1 as a component of openSUSE Tumbleweed openbao-influxdb-database-plugin-2.2.2-1.1 as a component of openSUSE Tumbleweed openbao-mysql-database-plugin-2.2.2-1.1 as a component of openSUSE Tumbleweed openbao-mysql-legacy-database-plugin-2.2.2-1.1 as a component of openSUSE Tumbleweed openbao-postgresql-database-plugin-2.2.2-1.1 as a component of openSUSE Tumbleweed openbao-server-2.2.2-1.1 as a component of openSUSE Tumbleweed Vault Community and Vault Enterprise Key/Value (kv) Version 2 plugin may unintentionally expose sensitive information in server and audit logs when users submit malformed payloads during secret creation or update operations via the Vault REST API. This vulnerability, identified as CVE-2025-4166, is fixed in Vault Community 1.19.3 and Vault Enterprise 1.19.3, 1.18.9, 1.17.16, 1.16.20. CVE-2025-4166 openSUSE Tumbleweed:openbao-2.2.2-1.1 openSUSE Tumbleweed:openbao-agent-2.2.2-1.1 openSUSE Tumbleweed:openbao-cassandra-database-plugin-2.2.2-1.1 openSUSE Tumbleweed:openbao-influxdb-database-plugin-2.2.2-1.1 openSUSE Tumbleweed:openbao-mysql-database-plugin-2.2.2-1.1 openSUSE Tumbleweed:openbao-mysql-legacy-database-plugin-2.2.2-1.1 openSUSE Tumbleweed:openbao-postgresql-database-plugin-2.2.2-1.1 openSUSE Tumbleweed:openbao-server-2.2.2-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2WTWIK3Y7MJO72SFX7HD2C7EXIMLTHTW/ https://www.suse.com/security/cve/CVE-2025-4166.html CVE-2025-4166 https://bugzilla.suse.com/1242800 SUSE Bug 1242800