CVE-2025-24355
CVSS 3.0 Score 7.1 of 10 (high)
Details
Summary
CVE-2025-24355 is a vulnerability affecting Updatecli, a tool used for file update strategies. Before version 0.93.0, this tool may expose Maven repository credentials in application logs during unsuccessful retrieval operations. When a `maven` source is configured with basic auth credentials in an Updatecli pipeline, these credentials can be leaked in the logs if retrieval from the Maven repository fails, for example because of incorrect coordinates or a non-existent artifact or version. Credentials are properly sanitized when the operation succeeds, but not when it fails. Updatecli version 0.93.0 includes a patch to resolve this issue.
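To review logs retained from runs of versions before 0.93.0, the following Go program flags and masks passwords embedded in URLs. It is an added example, not Updatecli's code or its patch, and it assumes the basic auth credentials show up in the log as URL userinfo (`user:password@host`); the sample log lines, host name and function names are constructed for illustration.

```go
package main

import (
	"fmt"
	"net/url"
	"regexp"
	"strings"
)

// credURL matches http(s) URLs carrying userinfo (user:password@host).
var credURL = regexp.MustCompile(`https?://[^\s/@:"']+:[^\s/@"']+@[^\s"']+`)

// RedactLine masks the password of each credentialed URL in one log line
// and returns the cleaned line plus the number of leaks found.
func RedactLine(line string) (string, int) {
	leaks := 0
	clean := credURL.ReplaceAllStringFunc(line, func(m string) string {
		raw := strings.TrimRight(m, ".,;)") // sentence punctuation is not part of the URL
		u, err := url.Parse(raw)
		leaks++
		if err != nil || u.User == nil { // unparseable: drop the whole URL
			return "[credentialed URL removed]" + m[len(raw):]
		}
		return u.Redacted() + m[len(raw):] // password becomes "xxxxx"
	})
	return clean, leaks
}

// ScanLog returns the 1-based numbers of lines that exposed a password.
func ScanLog(log string) []int {
	var hits []int
	for i, line := range strings.Split(log, "\n") {
		if _, n := RedactLine(line); n > 0 {
			hits = append(hits, i+1)
		}
	}
	return hits
}

// sampleLog is constructed for this example; it is not real Updatecli output.
const sampleLog = `INFO: source "maven" using https://repo.example.test:8443/releases
ERROR: GET "https://ci-user:s3cr3t-token@repo.example.test/releases/org/acme/lib/maven-metadata.xml" returned 404
INFO: retrying
ERROR: giving up on https://ci-user:s3cr3t-token@repo.example.test/releases.`

func main() {
	fmt.Println("lines exposing a password:", ScanLog(sampleLog))
}
```

Any credential the scan finds in stored logs should be treated as exposed and rotated, since masking the log does not undo earlier access to it.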