Sensitive Data Exposure via basic-auth Logging in Apache APISIX <3.14
CVE-2025-62232 Published on October 31, 2025

Apache APISIX: basic-auth logs plaintext credentials at info level
Sensitive data exposure via logging in basic-auth leads to plaintext usernames and passwords written to error logs and forwarded to log sinks when log level is INFO/DEBUG. This creates a high risk of credential compromise through log access. It has been fixed in the following commit:  https://github.com/apache/apisix/pull/12629 Users are recommended to upgrade to version 3.14, which fixes this issue.

Vendor Advisory NVD

Vulnerability Analysis

CVE-2025-62232 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Attack Vector:
NETWORK
Attack Complexity:
LOW
Privileges Required:
NONE
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
NONE
Availability Impact:
NONE

Weakness Type

Insertion of Sensitive Information into Log File

Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.


Products Associated with CVE-2025-62232

Want to know whenever a new CVE is published for Apache Apisix? stack.watch will email you.

Apache Apisix
 

Affected Versions

Apache Software Foundation Apache APISIX:

Exploit Probability

EPSS
0.11%
Percentile
28.61%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.