CVE-2025-6624
high
CVSS v3
7.2
CVSS v4 NEW
1.2
VIR risk
7.2
Description
Snyk CLI Insertion of Sensitive Information into Log File allowed in DEBUG or DEBUG/TRACE mode
Predictions
Exploit likelihood
71%
Patch ETA
โ
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| npm | snyk | <1.1297.3 | 1.1297.3 |
| Go | github.com/snyk/go-application-framework | | |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| snyk | snyk_cli | {"endExcluding":"1.1297.3"} | 1.1297.3 |
References
- https://docs.snyk.io/snyk-cli/debugging-the-snyk-cli
- https://github.com/snyk/cli/commit/38322f377da7e5f1391e1f641710be50989fa4df
- https://github.com/snyk/cli/releases/tag/v1.1297.3
- https://github.com/snyk/go-application-framework/commit/ca7ba7d72e68455afb466a7a47bb2c9aece86c18
- https://security.snyk.io/vuln/SNYK-JS-SNYK-10497607
- https://nvd.nist.gov/vuln/detail/CVE-2025-6624
- https://github.com/snyk
- https://github.com/advisories/GHSA-6hwc-9h8r-3vmf
CWEs
CWE-532
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.