CVE-2025-57813 (GCVE-0-2025-57813)

Vulnerability from cvelistv5 – Published: 2025-08-26 16:06 – Updated: 2025-08-26 20:37
Title
Insertion of Sensitive Information into Log File in github.com/traPtitech/traQ
Summary
traQ is a messenger application built for Digital Creators Club traP. Prior to version 3.25.0, a vulnerability exists where sensitive information, such as OAuth tokens, is recorded in log files when an error occurs during the execution of an SQL query. An attacker could intentionally trigger an SQL error by methods such as placing a high load on the database. This could allow an attacker who has the authority to view the log files to illicitly acquire the recorded sensitive information. This vulnerability has been patched in version 3.25.0. If upgrading is not possible, a temporary workaround involves reviewing access permissions for SQL error logs and strictly limiting access to prevent unauthorized users from viewing them.
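The logging flaw the summary describes, as an added illustrative example in Go (traQ's language). This is not the project's code and does not reproduce its actual query, logger or fix: the query text, table and column names, token value and error string below are constructed assumptions. The first formatter shows the vulnerable CWE-532 pattern (bound arguments written to the error log next to the failing query), the second a redacted form that keeps what debugging needs, and FindLeakedTokens/AuditLog are a coarse check an operator can run over existing SQL error logs while still on an affected version, to decide whether tokens that reached the log must be revoked.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strings"
)

// Constructed sample input. traQ's real query text, table and column names,
// logger, and error strings are not on the advisory page; these are
// assumptions chosen only to illustrate the pattern.
const sampleQuery = "SELECT user_id FROM oauth2_tokens WHERE access_token = ?"

// Constructed token value (not a real credential).
const sampleToken = "ya29.c0nstructedSampleT0ken_1234567890abcdef"

// Stand-in for the driver error an attacker can provoke by overloading the
// database, which the advisory names as one way to reach the logging path.
var errDBOverloaded = errors.New("Error 1040: Too many connections")

// logSQLErrorVerbose is the vulnerable pattern (CWE-532): the bound
// arguments are formatted into the log line next to the failing query, so a
// token passed as a WHERE parameter ends up on disk.
func logSQLErrorVerbose(query string, args []any, err error) string {
	return fmt.Sprintf("sql error: %v query=%q args=%v", err, query, args)
}

// logSQLErrorRedacted keeps what is useful for debugging (error, query shape,
// number and Go types of the arguments) and drops the argument values.
func logSQLErrorRedacted(query string, args []any, err error) string {
	types := make([]string, len(args))
	for i, a := range args {
		types[i] = fmt.Sprintf("%T", a)
	}
	return fmt.Sprintf("sql error: %v query=%q nargs=%d argtypes=[%s]",
		err, query, len(args), strings.Join(types, " "))
}

// tokenLike is a coarse detector for opaque credentials: any run of 32 or
// more characters from the usual token/base64 alphabet. It does not match
// SQL keywords or the short identifiers in the query text, but it flags
// long hex/base64 values such as OAuth access tokens.
var tokenLike = regexp.MustCompile(`[A-Za-z0-9._+/=\-]{32,}`)

// FindLeakedTokens returns every token-like substring in one log line.
func FindLeakedTokens(line string) []string {
	return tokenLike.FindAllString(line, -1)
}

// AuditLog returns the zero-based indices of log lines that contain a
// token-like value, for a one-off review of existing SQL error logs.
func AuditLog(lines []string) []int {
	var flagged []int
	for i, line := range lines {
		if len(FindLeakedTokens(line)) > 0 {
			flagged = append(flagged, i)
		}
	}
	return flagged
}

// SampleLog builds a constructed three-line error log: one line from the
// vulnerable formatter, one from the redacted one, and one unrelated line.
func SampleLog() []string {
	args := []any{sampleToken}
	return []string{
		logSQLErrorVerbose(sampleQuery, args, errDBOverloaded),
		logSQLErrorRedacted(sampleQuery, args, errDBOverloaded),
		"http: GET /api/v3/users 200 12ms",
	}
}

func main() {
	for i, line := range SampleLog() {
		fmt.Printf("%d: %s\n", i, line)
	}
	fmt.Println("lines with token-like values:", AuditLog(SampleLog()))
}
```

The redacted formatter still records the query shape and the argument count and types, which is enough to correlate an error with the calling code; only the values are withheld. The detector is deliberately coarse (length and alphabet only), so treat a hit as a prompt to inspect the line and revoke the credential, not as proof of compromise, and pair it with the advisory's interim workaround of restricting who can read the SQL error logs.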
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-532 - Insertion of Sensitive Information into Log File
Assigner
GitHub_M
Impacted products
Vendor Product Version
traPtitech traQ Affected: < 3.25.0

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-57813",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-26T20:37:40.419779Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-26T20:37:52.226Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "traQ",
          "vendor": "traPtitech",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 3.25.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "traQ is a messenger application built for Digital Creators Club traP. Prior to version 3.25.0, a vulnerability exists where sensitive information, such as OAuth tokens, are recorded in log files when an error occurs during the execution of an SQL query. An attacker could intentionally trigger an SQL error by methods such as placing a high load on the database. This could allow an attacker who has the authority to view the log files to illicitly acquire the recorded sensitive information. This vulnerability has been patched in version 3.25.0. If upgrading is not possible, a temporary workaround involves reviewing access permissions for SQL error logs and strictly limiting access to prevent unauthorized users from viewing them."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-532",
              "description": "CWE-532: Insertion of Sensitive Information into Log File",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-26T16:06:41.220Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/traPtitech/traQ/security/advisories/GHSA-27r7-3m9x-r533",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/traPtitech/traQ/security/advisories/GHSA-27r7-3m9x-r533"
        },
        {
          "name": "https://github.com/traPtitech/traQ/pull/2787",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/traPtitech/traQ/pull/2787"
        },
        {
          "name": "https://github.com/traPtitech/traQ/commit/ce5da94f5d5a8348f9ecdc82140b6f53b3721698",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/traPtitech/traQ/commit/ce5da94f5d5a8348f9ecdc82140b6f53b3721698"
        }
      ],
      "source": {
        "advisory": "GHSA-27r7-3m9x-r533",
        "discovery": "UNKNOWN"
      },
      "title": "Insertion of Sensitive Information into Log File in github.com/traPtitech/traQ"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-57813",
    "datePublished": "2025-08-26T16:06:41.220Z",
    "dateReserved": "2025-08-20T14:30:35.010Z",
    "dateUpdated": "2025-08-26T20:37:52.226Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2025-57813",
      "date": "2026-06-05",
      "epss": "0.00116",
      "percentile": "0.29948"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-57813\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2025-08-26T16:15:38.040\",\"lastModified\":\"2025-08-29T16:22:31.970\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"traQ is a messenger application built for Digital Creators Club traP. Prior to version 3.25.0, a vulnerability exists where sensitive information, such as OAuth tokens, are recorded in log files when an error occurs during the execution of an SQL query. An attacker could intentionally trigger an SQL error by methods such as placing a high load on the database. This could allow an attacker who has the authority to view the log files to illicitly acquire the recorded sensitive information. This vulnerability has been patched in version 3.25.0. If upgrading is not possible, a temporary workaround involves reviewing access permissions for SQL error logs and strictly limiting access to prevent unauthorized users from viewing them.\"},{\"lang\":\"es\",\"value\":\"traQ es una aplicaci\u00f3n de mensajer\u00eda desarrollada para Digital Creators Club traP. Antes de la versi\u00f3n 3.25.0, exist\u00eda una vulnerabilidad que permit\u00eda registrar informaci\u00f3n confidencial, como tokens OAuth, en archivos de registro cuando se produc\u00eda un error durante la ejecuci\u00f3n de una consulta SQL. Un atacante podr\u00eda generar intencionalmente un error SQL mediante m\u00e9todos como sobrecargar la base de datos. Esto podr\u00eda permitir que un atacante con autorizaci\u00f3n para ver los archivos de registro adquiera il\u00edcitamente la informaci\u00f3n confidencial registrada. Esta vulnerabilidad se ha corregido en la versi\u00f3n 3.25.0. Si no es posible actualizar, una soluci\u00f3n temporal consiste en revisar los permisos de acceso a los registros de errores SQL y limitar estrictamente el acceso para evitar que usuarios no autorizados los vean.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":0.7,\"impactScore\":5.2}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-532\"}]}],\"references\":[{\"url\":\"https://github.com/traPtitech/traQ/commit/ce5da94f5d5a8348f9ecdc82140b6f53b3721698\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/traPtitech/traQ/pull/2787\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/traPtitech/traQ/security/advisories/GHSA-27r7-3m9x-r533\",\"source\":\"security-advisories@github.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-57813\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-08-26T20:37:40.419779Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-08-26T20:37:47.836Z\"}}], \"cna\": {\"title\": \"Insertion of Sensitive Information into Log File in github.com/traPtitech/traQ\", \"source\": {\"advisory\": \"GHSA-27r7-3m9x-r533\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.9, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"traPtitech\", \"product\": \"traQ\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 3.25.0\"}]}], \"references\": [{\"url\": \"https://github.com/traPtitech/traQ/security/advisories/GHSA-27r7-3m9x-r533\", \"name\": \"https://github.com/traPtitech/traQ/security/advisories/GHSA-27r7-3m9x-r533\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/traPtitech/traQ/pull/2787\", \"name\": \"https://github.com/traPtitech/traQ/pull/2787\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/traPtitech/traQ/commit/ce5da94f5d5a8348f9ecdc82140b6f53b3721698\", \"name\": \"https://github.com/traPtitech/traQ/commit/ce5da94f5d5a8348f9ecdc82140b6f53b3721698\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"traQ is a messenger application built for Digital Creators Club traP. Prior to version 3.25.0, a vulnerability exists where sensitive information, such as OAuth tokens, are recorded in log files when an error occurs during the execution of an SQL query. An attacker could intentionally trigger an SQL error by methods such as placing a high load on the database. This could allow an attacker who has the authority to view the log files to illicitly acquire the recorded sensitive information. This vulnerability has been patched in version 3.25.0. If upgrading is not possible, a temporary workaround involves reviewing access permissions for SQL error logs and strictly limiting access to prevent unauthorized users from viewing them.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-532\", \"description\": \"CWE-532: Insertion of Sensitive Information into Log File\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2025-08-26T16:06:41.220Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-57813\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-08-26T20:37:52.226Z\", \"dateReserved\": \"2025-08-20T14:30:35.010Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2025-08-26T16:06:41.220Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}