How severe is CVE-2025-32016?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.7 out of 10.

What type of vulnerability is CVE-2025-32016?

This is classified as CWE-532, which is a common weakness in software security.

CVE-2025-32016

MEDIUM Year: 2025

CVSS v3 Score

4.7

Medium

Weakness Type

CWE-532

View all →

Vulnerability Description

Microsoft Identity Web is a library which contains a set of reusable classes used in conjunction with ASP.NET Core for integrating with the Microsoft identity platform (formerly Azure AD v2.0 endpoint) and AAD B2C. This vulnerability affects confidential client applications, including daemons, web apps, and web APIs. Under specific circumstances, sensitive information such as client secrets or certificate details may be exposed in the service logs of these applications. Service logs are intended to be handled securely. Service logs generated at the information level or credential descriptions containing local file paths with passwords, Base64 encoded values, or Client secret. Additionally, logs of services using Base64 encoded certificates or certificate paths with password credential descriptions are also affected if the certificates are invalid or expired, regardless of the log level. Note that these credentials are not usable due to their invalid or expired status. To mitigate this vulnerability, update to Microsoft.Identity.Web 3.8.2 or Microsoft.Identity.Abstractions 9.0.0.

CVE-2018-14995

MEDIUM

CVSS:4.7(Medium)

The ZTE Blade Vantage Android device with a build fingerprint of ZTE/Z839/sweet:7.1.1/NMF26V/20180120.095344:user/release-keys, the ZTE Blade Spark Android device with a build fingerprint of ZTE/Z971/...

CWE-5322018

CVE-2018-15002

MEDIUM

CVSS:4.7(Medium)

The Vivo V7 device with a build fingerprint of vivo/1718/1718:7.1.2/N2G47H/compil11021857:user/release-keys allows any app co-located on the device to set system properties as the com.android.phone us...

CWE-5322018

CVE-2019-11250

MEDIUM

CVSS:4.7(Medium)

The Kubernetes client-go library logs request headers at verbosity levels of 7 or higher. This can disclose credentials to unauthorized users via logs or command output. Kubernetes components (such as...

CWE-5322019

CVE-2019-18244

MEDIUM

CVSS:4.7(Medium)

In OSIsoft PI System multiple products and versions, a local attacker could view sensitive information in log files when service accounts are customized during installation or upgrade of PI Vision. Th...

CWE-5322019

CVE-2020-7322

MEDIUM

CVSS:4.7(Medium)

Information Disclosure Vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows local users to gain access to sensitive information via incorrectly logg...

CWE-5322020

CVE-2022-43673

MEDIUM

CVSS:4.7(Medium)

Wire through 3.22.3993 on Windows advertises deletion of sent messages; nonetheless, all messages can be retrieved (for a limited period of time) from the AppData\Roaming\Wire\IndexedDB\https_app.wire...

CWE-5322022

CVE-2025-32016

Vulnerability Description

Related Vulnerabilities

CVE-2018-14995

CVE-2018-15002

CVE-2019-11250

CVE-2019-18244

CVE-2020-7322

CVE-2022-43673