Security Advisory - RabbitMQ 3.13.2 and 3.13.7
Individual Advisory
Advisory ID: TNZ-2025-0041
Severity: Moderate
CVSSv3 Vector: 6.7
Issue Date: June 26, 2025
Updated on: June 26, 2025
CVE: CVE-2025-50200
Synopsis: RabbitMQ 3.13.7 and earlier versions are affected. When the RabbitMQ API is queried over HTTP/S with basic authentication, RabbitMQ writes a log entry containing all of the request headers, including the Authorization header. That header carries the base64-encoded username:password pair, which is easy to decode and can then be used to gain control of the system (depending on the type of credentials).
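A defensive check for the exposure described in the synopsis, as an added example that is not part of the original advisory or of RabbitMQ's own code: it scans log lines for logged Basic credentials, reports the affected usernames so those credentials can be rotated, and redacts the token. The sample log lines and their layout are constructed for illustration and are not real RabbitMQ output; `scan` and `decode_basic` are hypothetical helper names.

```python
import base64
import binascii
import re

# Matches an Authorization header carrying the Basic scheme, tolerating the
# punctuation a header dump may put between the header name and its value.
BASIC_RE = re.compile(r'(authorization\W{1,12}Basic\s+)([A-Za-z0-9+/]{4,}={0,2})', re.IGNORECASE)

def decode_basic(token):
    """Return the username if token is valid base64 of 'user:password', else None."""
    try:
        raw = base64.b64decode(token, validate=True)
        user, sep, _password = raw.decode("utf-8").partition(":")
    except (binascii.Error, UnicodeDecodeError):
        return None
    return user if sep and user else None

def scan(lines):
    """Return (findings, redacted_lines); findings are (line_no, username) pairs."""
    findings, redacted = [], []
    for no, line in enumerate(lines, start=1):
        def scrub(match, no=no):
            user = decode_basic(match.group(2))
            if user is None:
                return match.group(0)  # not a decodable credential; leave untouched
            findings.append((no, user))  # record the username only, never the password
            return match.group(1) + "[REDACTED]"
        redacted.append(BASIC_RE.sub(scrub, line))
    return findings, redacted

# Constructed sample input (assumed layout, not copied from a real broker log).
SAMPLE_TOKEN = base64.b64encode(b"monitoring:constructed-password").decode()
SAMPLE_LOG = [
    "2025-06-26 10:00:01 [info] accepting AMQP connection",
    '2025-06-26 10:00:02 [error] request headers: #{<<"authorization">> => <<"Basic '
    + SAMPLE_TOKEN + '">>, <<"host">> => <<"localhost:15672">>}',
    "2025-06-26 10:00:03 [warning] Authorization: Basic bm9jb2xvbg==",
]

if __name__ == "__main__":
    hits, cleaned = scan(SAMPLE_LOG)
    for line_no, user in hits:
        print(f"line {line_no}: credentials for user '{user}' were logged; rotate them")
    print("\n".join(cleaned))
```

Every username reported this way should be treated as exposed to anyone with read access to the log files, including archived and forwarded copies.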
Product Versions Affected
- OS: Windows
- RabbitMQ 3.13.7 and 3.13.2
Upstream OSS Advisory Link
- https://nvd.nist.gov/vuln/detail/CVE-2025-50200
- https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-gh3x-4x42-fvq8
Other Products Versions Affected
- None
History
2025-06-26: Initial vulnerability report published.
Contact
E-mail: [email protected]
VMware Tanzu Security Advisories: https://tanzu.vmware.com/security