Back to search
CVE-2025-62232
Published: Oct 31, 2025
Modified: Oct 31, 2025
PUBLISHED
Description
Sensitive data exposure via logging in basic-auth leads to plaintext usernames and passwords written to error logs and forwarded to log sinks when log level is INFO/DEBUG. This creates a high risk of credential compromise through log access. It has been fixed in the following commit: https://github.com/apache/apisix/pull/12629 Users are recommended to upgrade to version 3.14, which fixes this issue.
| Vendor | Product | Versions |
|---|---|---|
Apache Software Foundation | Apache APISIX | affected 1.0 - < 3.14 |
Weaknesses (CWE)
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now