CVE-2025-57813

Published: Aug 26, 2025

Modified: Aug 26, 2025

PUBLISHED

CVSS v3.1

5.9

MEDIUM

Description

traQ is a messenger application built for Digital Creators Club traP. Prior to version 3.25.0, a vulnerability exists where sensitive information, such as OAuth tokens, are recorded in log files when an error occurs during the execution of an SQL query. An attacker could intentionally trigger an SQL error by methods such as placing a high load on the database. This could allow an attacker who has the authority to view the log files to illicitly acquire the recorded sensitive information. This vulnerability has been patched in version 3.25.0. If upgrading is not possible, a temporary workaround involves reviewing access permissions for SQL error logs and strictly limiting access to prevent unauthorized users from viewing them.

Vendor	Product	Versions
traPtitech	traQ	affected `< 3.25.0`

Weaknesses (CWE)

CWE-532

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N

Attack Vector

Network

Attack Complexity

High

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

References

https://github.com/traPtitech/traQ/security/advisories/GHSA-27r7-3m9x-r533

x_refsource_CONFIRM

https://github.com/traPtitech/traQ/pull/2787

x_refsource_MISC

https://github.com/traPtitech/traQ/commit/ce5da94f5d5a8348f9ecdc82140b6f53b3721698

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-57813

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References