CVE-2025-6000

Critical CVSS: 9.1

A privileged Vault operator within the root namespace with write permission to {{sys/audit}} may obtain code execution on the underlying host if a plugin directory is set in Vault’s configuration. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23.

Vendor

Hashicorp

Product

Vault

CWE

CWE-94

Yayın Tarihi

2025-08-01 18:15:56

Güncelleme

2025-08-13 18:08:08

Source Identifier

security@hashicorp.com

KEV Date Added

Kategoriler

CWE-94 Vault CRITICAL Hashicorp 2025

Referanslar

https://discuss.hashicorp.com/t/hcsec-2025-14-privileged-vault-operator-may-execute-code-on-the-underlying-host/76033

Benzer Kayıtlar

High

CVE-2025-13357

Vault’s Terraform Provider incorrectly set the default deny_null_bind parameter for the LDAP auth method to false by def…

Medium

CVE-2025-13432

Terraform state versions can be created by a user with specific but insufficient permissions in a Terraform Enterprise w…

Medium

CVE-2025-11374

Consul and Consul Enterprise’s (“Consul”) key/value endpoint is vulnerable to denial of service (DoS) due to incorrect C…

Medium

CVE-2025-11375

Consul and Consul Enterprise’s (“Consul”) event endpoint is vulnerable to denial of service (DoS) due to lack of maximum…

High

CVE-2025-12044

Vault and Vault Enterprise (“Vault”) are vulnerable to an unauthenticated denial of service when processing JSON payload…

High

CVE-2025-11621

Vault and Vault Enterprise’s (“Vault”) AWS Auth method may be susceptible to authentication bypass if the role of the co…