CVE-2025-1308 - Vulnerability Details - OpenCVE

A vulnerability exists in PX Backup whereby sensitive information may be logged under specific conditions.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact High

Subsequent System Integrity Impact High

Subsequent System Availability Impact High

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.0002.

Exploitation none

Automatable no

Technical Impact partial

No data.

No data.

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2025-15792	A vulnerability exists in PX Backup whereby sensitive information may be logged under specific conditions.

Fixes

Solution

This issue is resolved in the following PX Backup releases: * PX Backup 2.6.1 or later * PX Backup 2.7.4 or later * PX Backup 2.8.2 or later

Workaround

No workaround given by the vendor.

References

Link	Providers
https://support.purestorage.com/Pure_Security

History

Tue, 20 May 2025 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 19 May 2025 21:30:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability exists in PX Backup whereby sensitive information may be logged under specific conditions.
Title		PX Backup Improper Sanitization Vulnerability
Weaknesses		CWE-116
References		https://support.purestorage.com/Pure_Security
Metrics		cvssV4_0 `{'score': 8.4, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H'}`

MITRE

Status: PUBLISHED

Assigner: PureStorage

Published: 2025-05-19T21:18:33.263Z

Updated: 2025-05-20T14:19:51.463Z

Reserved: 2025-02-14T19:10:44.835Z

Link: CVE-2025-1308

Vulnrichment

Updated: 2025-05-20T14:19:32.285Z

NVD

Status : Awaiting Analysis

Published: 2025-05-19T22:15:20.520

Modified: 2025-05-21T20:25:16.407

Link: CVE-2025-1308

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-1308", "assignerOrgId": "3895c224-4e1d-482a-adb3-fa64795683ac", "state": "PUBLISHED", "assignerShortName": "PureStorage", "dateReserved": "2025-02-14T19:10:44.835Z", "datePublished": "2025-05-19T21:18:33.263Z", "dateUpdated": "2025-05-20T14:19:51.463Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "PX Backup", "vendor": "Pure Storage", "versions": [{"lessThanOrEqual": "2.6.0", "status": "affected", "version": "1.0.0", "versionType": "custom"}, {"lessThanOrEqual": "2.7.3", "status": "affected", "version": "2.7.0", "versionType": "custom"}, {"lessThanOrEqual": "2.8.1", "status": "affected", "version": "2.8.0", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">A vulnerability exists in PX Backup whereby sensitive information may be logged under specific conditions.</span><br>"}], "value": "A vulnerability exists in PX Backup whereby sensitive information may be logged under specific conditions."}], "impacts": [{"capecId": "CAPEC-268", "descriptions": [{"lang": "en", "value": "CAPEC-268 Audit Log Manipulation"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 8.4, "baseSeverity": "HIGH", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-116", "description": "CWE-116 Improper Encoding or Escaping of Output", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "3895c224-4e1d-482a-adb3-fa64795683ac", "shortName": "PureStorage", "dateUpdated": "2025-05-19T21:18:33.263Z"}, "references": [{"url": "https://support.purestorage.com/Pure_Security"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>This issue is resolved in the following PX Backup releases:</p><ul><li><p>PX Backup 2.6.1 or later</p></li><li><p>PX Backup 2.7.4 or later</p></li><li><p>PX Backup 2.8.2 or later</p></li></ul>"}], "value": "This issue is resolved in the following PX Backup releases:\n\n * PX Backup 2.6.1 or later\n\n\n * PX Backup 2.7.4 or later\n\n\n * PX Backup 2.8.2 or later"}], "source": {"discovery": "INTERNAL"}, "title": "PX Backup Improper Sanitization Vulnerability", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-05-20T14:19:07.947427Z", "id": "CVE-2025-1308", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-20T14:19:51.463Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-1308", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-05-20T14:19:07.947427Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-20T14:19:32.285Z"}}], "cna": {"title": "PX Backup Improper Sanitization Vulnerability", "source": {"discovery": "INTERNAL"}, "impacts": [{"capecId": "CAPEC-268", "descriptions": [{"lang": "en", "value": "CAPEC-268 Audit Log Manipulation"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.4, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Pure Storage", "product": "PX Backup", "versions": [{"status": "affected", "version": "1.0.0", "versionType": "custom", "lessThanOrEqual": "2.6.0"}, {"status": "affected", "version": "2.7.0", "versionType": "custom", "lessThanOrEqual": "2.7.3"}, {"status": "affected", "version": "2.8.0", "versionType": "custom", "lessThanOrEqual": "2.8.1"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "This issue is resolved in the following PX Backup releases:\n\n * PX Backup 2.6.1 or later\n\n\n * PX Backup 2.7.4 or later\n\n\n * PX Backup 2.8.2 or later", "supportingMedia": [{"type": "text/html", "value": "<p>This issue is resolved in the following PX Backup releases:</p><ul><li><p>PX Backup 2.6.1 or later</p></li><li><p>PX Backup 2.7.4 or later</p></li><li><p>PX Backup 2.8.2 or later</p></li></ul>", "base64": false}]}], "references": [{"url": "https://support.purestorage.com/Pure_Security"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "A vulnerability exists in PX Backup whereby sensitive information may be logged under specific conditions.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">A vulnerability exists in PX Backup whereby sensitive information may be logged under specific conditions.</span><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-116", "description": "CWE-116 Improper Encoding or Escaping of Output"}]}], "providerMetadata": {"orgId": "3895c224-4e1d-482a-adb3-fa64795683ac", "shortName": "PureStorage", "dateUpdated": "2025-05-19T21:18:33.263Z"}}}, "cveMetadata": {"cveId": "CVE-2025-1308", "state": "PUBLISHED", "dateUpdated": "2025-05-20T14:19:51.463Z", "dateReserved": "2025-02-14T19:10:44.835Z", "assignerOrgId": "3895c224-4e1d-482a-adb3-fa64795683ac", "datePublished": "2025-05-19T21:18:33.263Z", "assignerShortName": "PureStorage"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability exists in PX Backup whereby sensitive information may be logged under specific conditions."}, {"lang": "es", "value": "Existe una vulnerabilidad en PX Backup por la cual se puede registrar informaci\u00f3n confidencial en condiciones espec\u00edficas."}], "id": "CVE-2025-1308", "lastModified": "2025-05-21T20:25:16.407", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "psirt@purestorage.com", "type": "Secondary"}]}, "published": "2025-05-19T22:15:20.520", "references": [{"source": "psirt@purestorage.com", "url": "https://support.purestorage.com/Pure_Security"}], "sourceIdentifier": "psirt@purestorage.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-116"}], "source": "psirt@purestorage.com", "type": "Secondary"}]}