Ddos 
The popular file update tool, Updatecli, which has seen over 1.2 million downloads, has issued a security advisory detailing a critical vulnerability. The flaw, identified as CVE-2025-24355, carries a CVSS score of 7.1 and is classified as a high-severity issue. The vulnerability stems from the exposure of private Maven repository credentials in execution logs during failed retrieval operations, potentially compromising sensitive data.
Updatecli is a tool designed to apply file update strategies, often used in automation pipelines. Its purpose is to detect when a value needs updating and apply changes according to a custom strategy.
The vulnerability arises when a Maven source configured with basic authentication credentials is used in an Updatecli pipeline. If the retrieval operation from the Maven repository fails—due to issues such as incorrect artifact coordinates, non-existent versions, or other errors—the credentials are inadvertently logged in clear text within the application logs.
According to the advisory, “Credentials are properly sanitized when the operation is successful but not when for whatever reason there is a failure in the maven repository.” The logs can expose sensitive details, including usernames and tokens, in scenarios where authentication fails or the requested artifact cannot be found.
The issue has been resolved in Updatecli version 0.93.0, which properly sanitizes credentials even during failed operations. Users are strongly urged to upgrade to this version immediately to mitigate the risk of credential exposure.
Related Posts:
- NHS Supplier Fined £6M for Data Breach After Ransomware Attack
- Dutch DPA Fines Netflix €4.75 Million for GDPR Violations
- RedHat Security Update fixes the OpenJDK1.8.0 multi vulnerabilities
- Report: 120,000 computers were infected with information-stealing malware
Donate