CVE-2025-4166 Affecting splunk-otel-collector package, versions <0.125.0-r1
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk IDSNYK-CHAINGUARDLATEST-SPLUNKOTELCOLLECTOR-10006765
- published4 May 2025
- disclosed2 May 2025
Introduced: 2 May 2025
NewCVE-2025-4166 (opens in a new tab)How to fix?
Upgrade Chainguard splunk-otel-collector to version 0.125.0-r1 or higher.
NVD Description
Note: Versions mentioned in the description apply only to the upstream splunk-otel-collector package and not the splunk-otel-collector package as distributed by Chainguard.
See How to fix? for Chainguard relevant fixed versions and status.
Vault Community and Vault Enterprise Key/Value (kv) Version 2 plugin may unintentionally expose sensitive information in server and audit logs when users submit malformed payloads during secret creation or update operations via the Vault REST API. This vulnerability, identified as CVE-2025-4166, is fixed in Vault Community 1.19.3 and Vault Enterprise 1.19.3, 1.18.9, 1.17.16, 1.16.20.