Logixlysia 6.3.1: Critical Info Disclosure - Full Error Objects Leak API Keys, Credentials to Logs
Logixlysia, a software platform, is affected by a critical information disclosure vulnerability that leaks sensitive data directly into its logs. The system's logging mechanism passes entire error objects to console output, log files, and external logging services without any sanitization or filtering. As a result, any sensitive data attached to an error object (including API keys, database credentials, authentication tokens, and personally identifiable information (PII)) is permanently written to these locations, creating a significant security risk.
The vulnerability, classified as CWE-532 and CWE-215, affects all versions of Logixlysia, including the current version 6.3.1. The core problem is that the logger does not strip or mask confidential fields before output. This creates a direct pipeline for internal secrets and user data to be captured in plain text within operational logs, which could be accessed by unauthorized personnel or through subsequent log file exposures.
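To make the failure mode concrete, the following is an added example (not Logixlysia's own code): the unsafe pattern the advisory describes, where the whole error object is serialized verbatim, beside a formatter that masks confidential fields before output. The sensitive key pattern and the sample error are constructed for illustration.

```javascript
// Key names treated as confidential; constructed denylist for this example.
const SENSITIVE_KEY = /(api[-_]?key|password|passwd|secret|token|authorization|cookie)/i;
const REDACTED = "[REDACTED]";

// Recursively copy an error/object, replacing values stored under sensitive keys.
// `seen` guards against cycles (error `cause` chains can loop back on themselves).
function redact(value, seen = new WeakSet()) {
  if (value === null || typeof value !== "object") return value;
  if (seen.has(value)) return "[Circular]";
  seen.add(value);
  if (Array.isArray(value)) return value.map((v) => redact(v, seen));
  const out = {};
  // getOwnPropertyNames also returns the non-enumerable Error fields (message, stack).
  for (const key of Object.getOwnPropertyNames(value)) {
    if (key === "stack") continue; // keep stack traces out of shipped logs
    out[key] = SENSITIVE_KEY.test(key) ? REDACTED : redact(value[key], seen);
  }
  return out;
}

// Unsafe pattern (CWE-532): every own property of the error lands in the log entry.
function formatUnsafe(err) {
  return JSON.stringify({ message: err.message, stack: err.stack, ...err });
}

// Hardened pattern: redact first, then serialize.
function formatSafe(err) {
  return JSON.stringify(redact(err));
}

// Constructed sample: an error carrying request context that happens to include secrets.
function sampleError() {
  const err = new Error("upstream request failed");
  err.config = {
    url: "https://api.example.test/v1/charge",
    headers: { authorization: "Bearer sk_live_EXAMPLE", "x-request-id": "req-42" },
  };
  err.db = { host: "db.internal", password: "hunter2" };
  return err;
}
```

Running `formatUnsafe(sampleError())` reproduces the leak (the bearer token and database password appear in the output), while `formatSafe` keeps the message, URL and request id and replaces both secrets with `[REDACTED]`.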
The flaw's status is listed as requiring an immediate fix. Its persistence in the production version indicates a systemic failure in the software's security logging practices. Until patched, any deployment of Logixlysia risks exposing its most sensitive operational secrets through routine error handling, potentially compromising backend systems and user privacy.