CVE-2025-22246: – UAA Private Key Exposure

Q: What is the severity of CVE-2025-22246?

CVE-2025-22246 is considered a high severity vulnerability due to the risk of private key exposure.

Q: How do I fix CVE-2025-22246?

To fix CVE-2025-22246, upgrade your Cloud Foundry UAA to version 7.31.1 or later.

Q: What versions of Cloud Foundry UAA are affected by CVE-2025-22246?

CVE-2025-22246 affects Cloud Foundry UAA versions from 77.21.0 to 7.31.0.

Q: What is the impact of CVE-2025-22246?

The impact of CVE-2025-22246 includes the potential exposure of sensitive private keys in UAA logs.

Q: Is there a workaround for CVE-2025-22246?

There is no known workaround for CVE-2025-22246; the recommended action is to upgrade to a safe version.

Published May 13, 2025

Updated

Cloud Foundry UAA release versions from v77.21.0 to v7.31.0 are vulnerable to a private key exposure in logs.

Affected Software

3 affected components

Cloud Foundry UAA>=77.21.0<=7.31.0

Cloudfoundry Cf-deployment>=45.1.0<49.0.0

Cloudfoundry Uaa Release>=77.21.0<77.32.0

Event History

May 13, 2025

CVE Published

via MITRE·05:14 AM

Data Sourced

via MITRE·05:14 AM

DescriptionSeverity

Data Sourced

via NVD·06:15 AM

DescriptionSeverityWeaknessAffected Software

Frequently Asked Questions

What is the severity of CVE-2025-22246?

CVE-2025-22246 is considered a high severity vulnerability due to the risk of private key exposure.

How do I fix CVE-2025-22246?

To fix CVE-2025-22246, upgrade your Cloud Foundry UAA to version 7.31.1 or later.

What versions of Cloud Foundry UAA are affected by CVE-2025-22246?

CVE-2025-22246 affects Cloud Foundry UAA versions from 77.21.0 to 7.31.0.

What is the impact of CVE-2025-22246?

The impact of CVE-2025-22246 includes the potential exposure of sensitive private keys in UAA logs.

Is there a workaround for CVE-2025-22246?