What is CVE-2025-24034?

CVE-2025-24034 is a low-severity vulnerability in Himmelblau-idm Himmelblau, classified under Insertion of Sensitive Information into Log File. CVSS score: 3.2/10. Published 2025-01-23.

How severe is CVE-2025-24034?

Low severity. CVSS v3 base score is 3.2 out of 10.

Information disclosure in Himmelblau-idm Himmelblau

CVE-2025-24034

Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Starting in version 0.7.0 and prior to versions 0.7.15 and 0.8.3, Himmelblau is vulnerable to leaking credentials in debug logs. When debug logging is enabled…

EPSS: 0.000 (12.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 3.2 (Low). Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N.

Affected products

Himmelblau-idm Himmelblau — versions >= 0.7.0, < 0.7.15, >= 0.8.0, < 0.8.3

Weakness classification (CWE)

CWE-532 — Insertion of Sensitive Information into Log File

References

https://github.com/himmelblau-idm/himmelblau/security/advisories/GHSA-p989-2f5w-9cf6 (x_refsource_CONFIRM)
https://github.com/himmelblau-idm/himmelblau/commit/1216804f15ce5dc74bb5da48b5508c41d2ece8fa (x_refsource_MISC)
https://github.com/himmelblau-idm/himmelblau/releases/tag/0.7.15 (x_refsource_MISC)
https://github.com/himmelblau-idm/himmelblau/releases/tag/0.8.3 (x_refsource_MISC)
https://manpages.opensuse.org/Tumbleweed/himmelblau/himmelblau.conf.5.en.html (x_refsource_MISC)
https://manpages.opensuse.org/Tumbleweed/himmelblau/himmelblaud.8.en.html (x_refsource_MISC)

Frequently asked questions

What is CVE-2025-24034?: CVE-2025-24034 is a low-severity vulnerability in Himmelblau-idm Himmelblau, classified under Insertion of Sensitive Information into Log File. CVSS score: 3.2/10. Published 2025-01-23.
How severe is CVE-2025-24034?: Low severity. CVSS v3 base score is 3.2 out of 10.