Home > Vulnerability Database > CVE-2025-30205

Mend.io Vulnerability Database

CVE-2025-30205

Date: March 24, 2025

kanidim-provision is a helper utility that uses kanidm's API to provision users, groups and oauth2 systems. Prior to version 1.2.0, a faulty function intrumentation in the (optional) kanidm patches provided by kandim-provision will cause the provisioned admin credentials to be leaked to the system log. This only impacts users which both use the provided patches and provision their "admin" or "idm_admin" account credentials this way. No other credentials are affected. Users should recompile kanidm with the newest patchset from tag "v1.2.0" or higher. As a workaround, the user can set the log level "KANIDM_LOG_LEVEL" to any level higher than "info", for example "warn".

Severity Score

7.6

Related Resources (4)

Url: https://github.com/oddlama/kanidm-provision/security/advisories/GHSA-57fc-pcqm-53rp

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-30205

Url: https://github.com/oddlama/kanidm-provision/commit/a102b52e4a79be4263068577ba837f16c3e487a2

Url: https://www.mend.io/vulnerability-database/CVE-2025-30205

Severity Score

7.6

Weakness Type (CWE)

Insertion of Sensitive Information into Log File

CWE-532

CVSS v3.1

Base Score:	7.6
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-30205

Date: March 24, 2025

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?