Impact
The LoggingRestClientCustomizer in Valtimo's web module logs the full request body, response body, and response headers for every outgoing HTTP call made through Spring's RestClient. When an error response is received, that material is also copied into the exception message, which Spring's default exception handling then writes to the log at ERROR level. Because those payloads and headers can carry secrets and personal data, anyone who can read the application logs, or the log pipeline they feed, may obtain confidential information. The weakness is a classic case of insertion of sensitive information into a log file, CWE-532. It offers no direct path to code execution or privilege escalation, but it becomes a confidentiality breach wherever log access is less tightly controlled than access to the data itself.
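The following is an added illustration, not Valtimo's LoggingRestClientCustomizer or any code from the project. It contrasts a RestClient interceptor that reproduces the pattern the advisory describes (full bodies and raw headers interpolated into the log and into the exception text) with a hardened variant that logs only the status line, the sizes, and an allow-listed header set. Class names, the logger, and the header allow-list are assumptions; the Spring types are the real `org.springframework` APIs.

```java
// Added example, not Valtimo's own code. Class names, logger and allow-list are assumptions.
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Set;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.boot.web.client.RestClientCustomizer;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpRequest;
import org.springframework.http.client.BufferingClientHttpRequestFactory;
import org.springframework.http.client.ClientHttpRequestExecution;
import org.springframework.http.client.ClientHttpRequestInterceptor;
import org.springframework.http.client.ClientHttpResponse;
import org.springframework.http.client.SimpleClientHttpRequestFactory;
import org.springframework.web.client.RestClient;

public class RestClientLoggingExample {
    private static final Logger log = LoggerFactory.getLogger(RestClientLoggingExample.class);

    /** The weak pattern: request body, response body and every header end up in the exception text. */
    static final class VerboseLoggingInterceptor implements ClientHttpRequestInterceptor {
        @Override
        public ClientHttpResponse intercept(HttpRequest request, byte[] body,
                                            ClientHttpRequestExecution execution) throws IOException {
            ClientHttpResponse response = execution.execute(request, body);
            // Reading the body here is only safe for the caller because the request factory
            // below buffers it; the leak is in what we do with it next, not in reading it.
            String responseBody = new String(response.getBody().readAllBytes(), StandardCharsets.UTF_8);
            if (response.getStatusCode().isError()) {
                // Whatever logs this exception (Spring's default handler, at ERROR) now holds
                // both payloads and raw headers such as Set-Cookie.
                throw new IOException("Call to " + request.getURI() + " failed: request="
                    + new String(body, StandardCharsets.UTF_8)
                    + " response=" + responseBody
                    + " headers=" + response.getHeaders());
            }
            return response;
        }
    }

    /** Hardened: log metadata only, redact headers by allow-list, never log body contents. */
    static final class SafeLoggingInterceptor implements ClientHttpRequestInterceptor {
        // Assumed allow-list: headers that are safe to keep verbatim in an operational log.
        private static final Set<String> HEADER_ALLOW_LIST =
            Set.of("content-type", "content-length", "x-request-id");

        static HttpHeaders redact(HttpHeaders headers) {
            HttpHeaders safe = new HttpHeaders();
            headers.forEach((name, values) -> {
                if (HEADER_ALLOW_LIST.contains(name.toLowerCase())) {
                    safe.addAll(name, values);
                } else {
                    safe.add(name, "<redacted>");   // name survives, value does not
                }
            });
            return safe;
        }

        @Override
        public ClientHttpResponse intercept(HttpRequest request, byte[] body,
                                            ClientHttpRequestExecution execution) throws IOException {
            ClientHttpResponse response = execution.execute(request, body);
            // Method, URI, status, request size and redacted response headers; no body text,
            // and nothing is copied into an exception message.
            log.info("{} {} -> {} (request {} bytes, response headers {})",
                request.getMethod(), request.getURI(), response.getStatusCode(),
                body.length, redact(response.getHeaders()));
            return response;
        }
    }

    /** Registers one of the two interceptors on every RestClient Spring Boot builds. */
    static RestClientCustomizer customizer(boolean hardened) {
        return builder -> builder
            .requestFactory(new BufferingClientHttpRequestFactory(new SimpleClientHttpRequestFactory()))
            .requestInterceptor(hardened ? new SafeLoggingInterceptor() : new VerboseLoggingInterceptor());
    }
}
```

Exposing `customizer(true)` as a `@Bean` is enough for Spring Boot to apply it to all auto-configured `RestClient.Builder` instances. The design point is that the safe variant decides what is loggable by allow-list rather than by trying to enumerate secret header names, and that the error path raises no exception whose message carries payload data, so the ERROR-level log written by Spring's default handling cannot leak it either.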
Affected Systems
Affected artifacts are Valtimo's web module (com.ritense.valtimo:web) and the core platform (valtimo-platform:valtimo). Vulnerable versions are 12.4.0 through 12.32.x and 13.25.x. The issue is fixed in 12.33.0 and 13.26.0.
Risk and Exploitability
With a CVSS score of 7.6 the vulnerability rates as high severity. No EPSS score is available, so the likelihood of exploitation cannot be estimated, only not ruled out. It is not listed in the CISA KEV catalog, which means CISA has no record of exploitation in the wild, not that public exploitation is impossible. An attacker needs read access to the application logs, whether on the host, in a central log store, or through a compromised system that can reach them. Beyond that log access there are no further preconditions: the sensitive data is written during normal operation and on every failed outgoing call, so no special trigger is required.
OpenCVE Enrichment
Source: GitHub GHSA