Security Advisory

CVE-2025-22246 – UAA Private Key Exposure

Severity

LOW

Vendor

Cloud Foundry Foundation

Versions Affected

  • UAA Release: v77.21.0 to v77.31.0
  • CF Deployment: v45.1.0 to v48.11.0

Description

Cloud Foundry UAA release versions from v77.21.0 to v77.31.0 are vulnerable to a private key exposure in logs.

Affected Cloud Foundry Products and Versions

*Severity is high unless otherwise noted.

  • uaa_release
    • All versions from v77.21.0 to v77.31.0 (inclusive)
  • CF Deployment
    • All versions from v45.1.0 to v48.11.0 (inclusive)

Mitigation

Users of affected products are strongly encouraged to follow the mitigations below.

The Cloud Foundry project recommends upgrading the following releases:

  • uaa_release
    • Upgrade uaa_release versions to v77.32.0 or greater
  • CF Deployment
    • Upgrade cf-deployment version to v49.0.0 or greater 
      • Includes uaa_release v77.32.0
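
A triage helper for this advisory, added here as an example and not code from the Cloud Foundry project: it compares a deployed version against the affected ranges numerically (plain string comparison misjudges versions such as v77.3.0 or v48.2.0) and locates private-key headers in retained logs without echoing key material. The function names, the sample log lines and the assumption that the exposed key appears PEM-encoded are illustrative and not stated by the advisory.

```python
import re

# Affected ranges copied from this advisory (inclusive on both ends).
AFFECTED = {
    "uaa_release": ("v77.21.0", "v77.31.0"),
    "cf-deployment": ("v45.1.0", "v48.11.0"),
}

# Assumption: exposed key material shows up with PEM armor in the log text.
PEM_BEGIN = re.compile(r"-----BEGIN (?:[A-Z0-9]+ )*PRIVATE KEY-----")


def parse_version(text):
    """Turn 'v77.4.0' or '77.4.0' into (77, 4, 0) for numeric comparison."""
    match = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not match:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(part) for part in match.groups())


def is_affected(product, version):
    """True if version lies inside the advisory's range for product."""
    low, high = AFFECTED[product]
    return parse_version(low) <= parse_version(version) <= parse_version(high)


def find_key_lines(log_lines):
    """Return 1-based numbers of lines holding a PEM private-key header."""
    return [n for n, line in enumerate(log_lines, 1) if PEM_BEGIN.search(line)]


# Constructed sample log lines (not real UAA output; key bodies are placeholders).
SAMPLE_LOG = [
    "[2025-05-01T10:00:00Z] uaa - INFO --- starting",
    "[2025-05-01T10:00:01Z] uaa - DEBUG --- key=-----BEGIN RSA PRIVATE KEY-----PLACEHOLDER",
    "[2025-05-01T10:00:02Z] uaa - INFO --- cert=-----BEGIN CERTIFICATE-----",
    "[2025-05-01T10:00:03Z] uaa - DEBUG --- -----BEGIN PRIVATE KEY----- PLACEHOLDER",
]

if __name__ == "__main__":
    for product, version in [("uaa_release", "v77.3.0"), ("cf-deployment", "v48.2.0")]:
        print(product, version, "affected" if is_affected(product, version) else "not affected")
    print("lines with private-key headers:", find_key_lines(SAMPLE_LOG))
```

Any hit in logs retained from an affected version means the corresponding key should be treated as disclosed and rotated after upgrading.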

Credit

Self-reported by the UAA Cloud Foundry team

History

May 8th, 2025: Initial vulnerability report published.


Cloud Foundry Foundation Security Team, AUTHOR
