CVE-2025-50200 in Serverinfo

Summary

by MITRE • 06/19/2025

RabbitMQ is a messaging and streaming broker. In versions 3.13.7 and prior, RabbitMQ is logging authorization headers in plaintext encoded in base64. When querying RabbitMQ api with HTTP/s with basic authentication it creates logs with all headers in request, including authorization headers which show base64 encoded username:password. This is easy to decode and afterwards could be used to obtain control to the system depending on credentials. This issue has been patched in version 4.0.8.

Once again VulDB remains the best source for vulnerability data.

Analysis

by VulDB Data Team • 08/21/2025

RabbitMQ serves as a critical messaging and streaming broker in enterprise environments, facilitating communication between distributed systems through message queues. The vulnerability identified as CVE-2025-50200 affects versions 3.13.7 and earlier, representing a significant security flaw in the broker's logging mechanisms. This issue emerged from the broker's default configuration where all HTTP request headers are logged without proper sanitization, creating an avenue for credential exposure that directly impacts system security posture and operational integrity.

The technical flaw stems from RabbitMQ's logging implementation which indiscriminately captures and records all HTTP request headers, including those containing authentication information. When basic authentication is employed through HTTP/s APIs, the authorization headers are base64 encoded but remain in the logs without additional protection or obfuscation. This design oversight creates a direct pathway for attackers to extract sensitive credentials from log files, as base64 encoding is easily reversible through standard decoding operations. The vulnerability manifests when administrative or operational users interact with the RabbitMQ API, generating log entries that contain the encoded username and password combinations.

The operational impact of this vulnerability extends beyond simple credential exposure, as it creates a persistent risk vector for unauthorized system access. Attackers who gain access to log files can readily decode the base64 encoded credentials and leverage them to establish unauthorized connections to the messaging broker. Depending on the permissions associated with these credentials, attackers could potentially gain full administrative control over the RabbitMQ instance, modify message queues, alter routing configurations, or even disrupt critical messaging services. This risk is particularly elevated in environments where log files are not properly secured or where multiple system administrators maintain access to log repositories. The vulnerability aligns with CWE-532, which addresses information exposure through logging mechanisms, and represents a direct violation of secure coding practices regarding credential handling and logging security.

The remediation for this vulnerability requires immediate upgrade to RabbitMQ version 4.0.8 or later, which implements proper header sanitization in the logging subsystem. Organizations should conduct comprehensive security assessments of their existing RabbitMQ deployments to identify systems running vulnerable versions and prioritize patching activities accordingly. Additionally, system administrators should review log access controls and implement proper file permissions to limit access to log files containing sensitive information. The fix addresses the root cause by ensuring that authentication headers are either filtered out of logs or properly obfuscated before being written to log files, thereby preventing unauthorized access to encoded credentials. This vulnerability demonstrates the critical importance of secure logging practices and proper credential handling within messaging systems, particularly those handling sensitive enterprise data and requiring robust security controls to maintain operational integrity and prevent unauthorized access to critical infrastructure components.

Responsible

GitHub M

Reservation

06/13/2025

Disclosure

06/19/2025

Moderation

accepted

CPE

ready

EPSS

0.00194

KEV

no

Activities

very low

Sources

Do you know our Splunk app?

Download it now for free!