CVE-2025-55000 — MEDIUM (6.5)

Q: How severe is CVE-2025-55000?

CVE-2025-55000 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2025-55000?

Check the references section above for vendor advisories and patch information. Affected products include: Openbao Openbao.

Vulnerability Description

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 0.1.0 through 2.3.1, OpenBao's TOTP secrets engine could accept valid codes multiple times rather than strictly-once. This was caused by unexpected normalization in the underlying TOTP library. To work around, ensure that all codes are first normalized before submitting to the OpenBao endpoint. TOTP code verification is a privileged action; only trusted systems should be verifying codes.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Openbao	Openbao	< 2.3.2

Related Weaknesses (CWE)

CWE-156

References

FAQ

What is CVE-2025-55000?

CVE-2025-55000 is a vulnerability with a CVSS score of 6.5 (MEDIUM). OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 0.1.0 through 2.3.1, OpenBao's TOTP secrets engine ...

How severe is CVE-2025-55000?

CVE-2025-55000 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-55000?

Check the references section above for vendor advisories and patch information. Affected products include: Openbao Openbao.