Vulnerability-Lookup

https://discuss.hashicorp.com/t/hcsec-2025-15-tim…

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Vault ist ein identit\u00e4tsbasiertes System zur Verwaltung von Geheimnissen und Verschl\u00fcsselung.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in Hashicorp Vault ausnutzen, um erh\u00f6hte Rechte zu erlangen, Sicherheitsma\u00dfnahmen zu umgehen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen preiszugeben.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Sonstiges\n- UNIX",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-1702 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-1702.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-1702 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1702"
      },
      {
        "category": "external",
        "summary": "Vault Security Advisory vom 2025-08-03",
        "url": "https://discuss.hashicorp.com/t/hcsec-2025-13-vault-root-namespace-operator-may-elevate-token-privileges/76032"
      },
      {
        "category": "external",
        "summary": "GitHub Advisory Database vom 2025-08-03",
        "url": "https://github.com/advisories/GHSA-6h4p-m86h-hhgh"
      },
      {
        "category": "external",
        "summary": "Vault Security Advisory vom 2025-08-03",
        "url": "https://discuss.hashicorp.com/t/hcsec-2025-14-privileged-vault-operator-may-execute-code-on-the-underlying-host/76033"
      },
      {
        "category": "external",
        "summary": "GitHub Advisory Database vom 2025-08-03",
        "url": "https://github.com/advisories/GHSA-mr4h-qf9j-f665"
      },
      {
        "category": "external",
        "summary": "Vault Security Advisory vom 2025-08-03",
        "url": "https://discuss.hashicorp.com/t/hcsec-2025-15-timing-side-channel-in-vault-s-userpass-auth-method/76034"
      },
      {
        "category": "external",
        "summary": "GitHub Advisory Database vom 2025-08-03",
        "url": "https://github.com/advisories/GHSA-mwgr-84fv-3jh9"
      },
      {
        "category": "external",
        "summary": "GitHub Advisory Database vom 2025-08-03",
        "url": "https://github.com/advisories/GHSA-qgj7-fmq2-6cc4"
      },
      {
        "category": "external",
        "summary": "Vault Security Advisory vom 2025-08-03",
        "url": "https://discuss.hashicorp.com/t/hcsec-2025-17-vault-totp-secrets-engine-code-reuse/76036"
      },
      {
        "category": "external",
        "summary": "GitHub Advisory Database vom 2025-08-03",
        "url": "https://github.com/advisories/GHSA-qv3p-fmv3-9hww"
      },
      {
        "category": "external",
        "summary": "Vault Security Advisory vom 2025-08-03",
        "url": "https://discuss.hashicorp.com/t/hcsec-2025-18-vault-certificate-auth-method-did-not-validate-common-name-for-non-ca-certificates/76037"
      },
      {
        "category": "external",
        "summary": "GitHub Advisory Database vom 2025-08-03",
        "url": "https://github.com/advisories/GHSA-6c5r-4wfc-3mcx"
      },
      {
        "category": "external",
        "summary": "Vault Security Advisory vom 2025-08-03",
        "url": "https://discuss.hashicorp.com/t/hcsec-2025-19-vault-login-mfa-bypass-of-rate-limiting-and-totp-token-reuse/76038"
      },
      {
        "category": "external",
        "summary": "GitHub Advisory Database vom 2025-08-03",
        "url": "https://github.com/advisories/GHSA-v6r4-35f9-9rpw"
      }
    ],
    "source_lang": "en-US",
    "title": "Hashicorp Vault Community und Enterprise: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-08-03T22:00:00.000+00:00",
      "generator": {
        "date": "2025-08-04T11:04:34.309+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.4.0"
        }
      },
      "id": "WID-SEC-W-2025-1702",
      "initial_release_date": "2025-08-03T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-08-03T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "Community Edition \u003c1.20.0",
                "product": {
                  "name": "Hashicorp Vault Community Edition \u003c1.20.0",
                  "product_id": "T045832"
                }
              },
              {
                "category": "product_version",
                "name": "Community Edition 1.20.0",
                "product": {
                  "name": "Hashicorp Vault Community Edition 1.20.0",
                  "product_id": "T045832-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:hashicorp:vault:community_edition__1.20.0"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Enterprise \u003c1.20.0",
                "product": {
                  "name": "Hashicorp Vault Enterprise \u003c1.20.0",
                  "product_id": "T045833"
                }
              },
              {
                "category": "product_version",
                "name": "Enterprise 1.20.0",
                "product": {
                  "name": "Hashicorp Vault Enterprise 1.20.0",
                  "product_id": "T045833-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:hashicorp:vault:enterprise__1.20.0"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Enterprise \u003c1.18.11",
                "product": {
                  "name": "Hashicorp Vault Enterprise \u003c1.18.11",
                  "product_id": "T045835"
                }
              },
              {
                "category": "product_version",
                "name": "Enterprise 1.18.11",
                "product": {
                  "name": "Hashicorp Vault Enterprise 1.18.11",
                  "product_id": "T045835-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:hashicorp:vault:enterprise__1.18.11"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Enterprise \u003c1.16.22",
                "product": {
                  "name": "Hashicorp Vault Enterprise \u003c1.16.22",
                  "product_id": "T045836"
                }
              },
              {
                "category": "product_version",
                "name": "Enterprise 1.16.22",
                "product": {
                  "name": "Hashicorp Vault Enterprise 1.16.22",
                  "product_id": "T045836-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:hashicorp:vault:enterprise__1.16.22"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Community Edition \u003c1.20.1",
                "product": {
                  "name": "Hashicorp Vault Community Edition \u003c1.20.1",
                  "product_id": "T045837"
                }
              },
              {
                "category": "product_version",
                "name": "Community Edition 1.20.1",
                "product": {
                  "name": "Hashicorp Vault Community Edition 1.20.1",
                  "product_id": "T045837-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:hashicorp:vault:community_edition__1.20.1"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Enterprise \u003c1.20.1",
                "product": {
                  "name": "Hashicorp Vault Enterprise \u003c1.20.1",
                  "product_id": "T045838"
                }
              },
              {
                "category": "product_version",
                "name": "Enterprise 1.20.1",
                "product": {
                  "name": "Hashicorp Vault Enterprise 1.20.1",
                  "product_id": "T045838-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:hashicorp:vault:enterprise__1.20.1"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Enterprise \u003c1.19.6",
                "product": {
                  "name": "Hashicorp Vault Enterprise \u003c1.19.6",
                  "product_id": "T045839"
                }
              },
              {
                "category": "product_version",
                "name": "Enterprise 1.19.6",
                "product": {
                  "name": "Hashicorp Vault Enterprise 1.19.6",
                  "product_id": "T045839-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:hashicorp:vault:enterprise__1.19.6"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Enterprise \u003c1.19.7",
                "product": {
                  "name": "Hashicorp Vault Enterprise \u003c1.19.7",
                  "product_id": "T045840"
                }
              },
              {
                "category": "product_version",
                "name": "Enterprise 1.19.7",
                "product": {
                  "name": "Hashicorp Vault Enterprise 1.19.7",
                  "product_id": "T045840-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:hashicorp:vault:enterprise__1.19.7"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Enterprise \u003c1.18.12",
                "product": {
                  "name": "Hashicorp Vault Enterprise \u003c1.18.12",
                  "product_id": "T045841"
                }
              },
              {
                "category": "product_version",
                "name": "Enterprise 1.18.12",
                "product": {
                  "name": "Hashicorp Vault Enterprise 1.18.12",
                  "product_id": "T045841-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:hashicorp:vault:enterprise__1.18.12"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Enterprise \u003c1.16.23",
                "product": {
                  "name": "Hashicorp Vault Enterprise \u003c1.16.23",
                  "product_id": "T045843"
                }
              },
              {
                "category": "product_version",
                "name": "Enterprise 1.16.23",
                "product": {
                  "name": "Hashicorp Vault Enterprise 1.16.23",
                  "product_id": "T045843-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:hashicorp:vault:enterprise__1.16.23"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Vault"
          }
        ],
        "category": "vendor",
        "name": "Hashicorp"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-5999",
      "product_status": {
        "known_affected": [
          "T045833",
          "T045832",
          "T045835",
          "T045836",
          "T045839"
        ]
      },
      "release_date": "2025-08-03T22:00:00.000+00:00",
      "title": "CVE-2025-5999"
    },
    {
      "cve": "CVE-2025-6000",
      "product_status": {
        "known_affected": [
          "T045841",
          "T045833",
          "T045832",
          "T045843",
          "T045835",
          "T045837",
          "T045836",
          "T045839",
          "T045838",
          "T045840"
        ]
      },
      "release_date": "2025-08-03T22:00:00.000+00:00",
      "title": "CVE-2025-6000"
    },
    {
      "cve": "CVE-2025-6004",
      "product_status": {
        "known_affected": [
          "T045841",
          "T045833",
          "T045832",
          "T045843",
          "T045835",
          "T045837",
          "T045836",
          "T045839",
          "T045838",
          "T045840"
        ]
      },
      "release_date": "2025-08-03T22:00:00.000+00:00",
      "title": "CVE-2025-6004"
    },
    {
      "cve": "CVE-2025-6011",
      "product_status": {
        "known_affected": [
          "T045841",
          "T045833",
          "T045832",
          "T045843",
          "T045835",
          "T045837",
          "T045836",
          "T045839",
          "T045838",
          "T045840"
        ]
      },
      "release_date": "2025-08-03T22:00:00.000+00:00",
      "title": "CVE-2025-6011"
    },
    {
      "cve": "CVE-2025-6015",
      "product_status": {
        "known_affected": [
          "T045841",
          "T045833",
          "T045832",
          "T045843",
          "T045835",
          "T045837",
          "T045836",
          "T045839",
          "T045838",
          "T045840"
        ]
      },
      "release_date": "2025-08-03T22:00:00.000+00:00",
      "title": "CVE-2025-6015"
    },
    {
      "cve": "CVE-2025-6037",
      "product_status": {
        "known_affected": [
          "T045841",
          "T045833",
          "T045832",
          "T045843",
          "T045835",
          "T045837",
          "T045836",
          "T045839",
          "T045838",
          "T045840"
        ]
      },
      "release_date": "2025-08-03T22:00:00.000+00:00",
      "title": "CVE-2025-6037"
    },
    {
      "cve": "CVE-2025-6014",
      "product_status": {
        "known_affected": [
          "T045841",
          "T045833",
          "T045832",
          "T045843",
          "T045835",
          "T045837",
          "T045836",
          "T045839",
          "T045838",
          "T045840"
        ]
      },
      "release_date": "2025-08-03T22:00:00.000+00:00",
      "title": "CVE-2025-6014"
    }
  ]
}

CVE-2025-6011 (GCVE-0-2025-6011)

Vulnerability from cvelistv5 – Published: 2025-08-01 18:00 – Updated: 2025-08-01 19:06

Title

Timing Side-Channel in Vault’s Userpass Auth Method

Summary

A timing side channel in Vault and Vault Enterprise’s (“Vault”) userpass auth method allowed an attacker to distinguish between existing and non-existing users, and potentially enumerate valid usernames for Vault’s Userpass auth method. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23.

Severity ?

3.7 (Low)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE

CWE-203 - Observable Discrepancy

Assigner

HashiCorp

References

URL

Tags

Impacted products

Vendor

Product

Version

Affected: 0 , < 1.20.1 (semver)

Affected: 0 , < 1.20.1 (semver)

Show details on NVD website

https://discuss.hashicorp.com/t/hcsec-2025-14-pri…

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-6011",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-01T19:06:39.856193Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-01T19:06:58.251Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "64 bit",
            "32 bit",
            "x86",
            "ARM",
            "MacOS",
            "Windows",
            "Linux"
          ],
          "product": "Vault",
          "repo": "https://github.com/hashicorp/vault",
          "vendor": "HashiCorp",
          "versions": [
            {
              "lessThan": "1.20.1",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "64 bit",
            "32 bit",
            "x86",
            "ARM",
            "MacOS",
            "Windows",
            "Linux"
          ],
          "product": "Vault Enterprise",
          "repo": "https://github.com/hashicorp/vault",
          "vendor": "HashiCorp",
          "versions": [
            {
              "changes": [
                {
                  "at": "1.19.7",
                  "status": "unaffected"
                },
                {
                  "at": "1.18.12",
                  "status": "unaffected"
                },
                {
                  "at": "1.16.23",
                  "status": "unaffected"
                }
              ],
              "lessThan": "1.20.1",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eA timing side channel in Vault and Vault Enterprise\u2019s (\u201cVault\u201d) userpass auth method allowed an attacker to distinguish between existing and non-existing users, and potentially enumerate valid usernames for Vault\u2019s Userpass auth method. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23.\u003c/p\u003e\u003cbr/\u003e"
            }
          ],
          "value": "A timing side channel in Vault and Vault Enterprise\u2019s (\u201cVault\u201d) userpass auth method allowed an attacker to distinguish between existing and non-existing users, and potentially enumerate valid usernames for Vault\u2019s Userpass auth method. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-118",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-118: Collect and Analyze Information"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-203",
              "description": "CWE-203: Observable Discrepancy",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-01T18:00:24.528Z",
        "orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
        "shortName": "HashiCorp"
      },
      "references": [
        {
          "url": "https://discuss.hashicorp.com/t/hcsec-2025-15-timing-side-channel-in-vault-s-userpass-auth-method/76034"
        }
      ],
      "source": {
        "advisory": "HCSEC-2025-15",
        "discovery": "EXTERNAL"
      },
      "title": "Timing Side-Channel in Vault\u2019s Userpass Auth Method"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
    "assignerShortName": "HashiCorp",
    "cveId": "CVE-2025-6011",
    "datePublished": "2025-08-01T18:00:24.528Z",
    "dateReserved": "2025-06-11T18:57:02.577Z",
    "dateUpdated": "2025-08-01T19:06:58.251Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-6000 (GCVE-0-2025-6000)

Vulnerability from cvelistv5 – Published: 2025-08-01 17:40 – Updated: 2025-08-01 18:12

Title

Arbitrary Remote Code Execution via Plugin Catalog Abuse

Summary

A privileged Vault operator within the root namespace with write permission to {{sys/audit}} may obtain code execution on the underlying host if a plugin directory is set in Vault’s configuration. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23.

Severity ?

9.1 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CWE

CWE-94 - Improper Control of Generation of Code (Code Injection)

Assigner

HashiCorp

References

URL

Tags

Impacted products

Vendor

Product

Version

Affected: 0.8.0 , < 1.20.1 (semver)

Affected: 0.8.0 , < 1.20.1 (semver)

Show details on NVD website

https://discuss.hashicorp.com/t/hcsec-2025-13-vau…

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-6000",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-01T18:11:02.726308Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-01T18:12:02.883Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "64 bit",
            "32 bit",
            "x86",
            "ARM",
            "MacOS",
            "Windows",
            "Linux"
          ],
          "product": "Vault",
          "repo": "https://github.com/hashicorp/vault",
          "vendor": "HashiCorp",
          "versions": [
            {
              "lessThan": "1.20.1",
              "status": "affected",
              "version": "0.8.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "64 bit",
            "32 bit",
            "x86",
            "ARM",
            "MacOS",
            "Windows",
            "Linux"
          ],
          "product": "Vault Enterprise",
          "repo": "https://github.com/hashicorp/vault",
          "vendor": "HashiCorp",
          "versions": [
            {
              "changes": [
                {
                  "at": "1.19.7",
                  "status": "unaffected"
                },
                {
                  "at": "1.18.12",
                  "status": "unaffected"
                },
                {
                  "at": "1.16.23",
                  "status": "unaffected"
                }
              ],
              "lessThan": "1.20.1",
              "status": "affected",
              "version": "0.8.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eA privileged Vault operator within the root namespace with write permission to {{sys/audit}} may obtain code execution on the underlying host if a plugin directory is set in Vault\u2019s configuration. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23.\u003c/p\u003e\u003cbr/\u003e"
            }
          ],
          "value": "A privileged Vault operator within the root namespace with write permission to {{sys/audit}} may obtain code execution on the underlying host if a plugin directory is set in Vault\u2019s configuration. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-549",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-549: Local Execution of Code"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "CWE-94: Improper Control of Generation of Code (Code Injection)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-01T17:40:48.524Z",
        "orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
        "shortName": "HashiCorp"
      },
      "references": [
        {
          "url": "https://discuss.hashicorp.com/t/hcsec-2025-14-privileged-vault-operator-may-execute-code-on-the-underlying-host/76033"
        }
      ],
      "source": {
        "advisory": "HCSEC-2025-14",
        "discovery": "EXTERNAL"
      },
      "title": "Arbitrary Remote Code Execution via Plugin Catalog Abuse"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
    "assignerShortName": "HashiCorp",
    "cveId": "CVE-2025-6000",
    "datePublished": "2025-08-01T17:40:48.524Z",
    "dateReserved": "2025-06-11T14:38:13.583Z",
    "dateUpdated": "2025-08-01T18:12:02.883Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-5999 (GCVE-0-2025-5999)

Vulnerability from cvelistv5 – Published: 2025-08-01 17:38 – Updated: 2025-08-01 18:08

Title

Vault Root Namespace Operator May Elevate Token Privileges

Summary

A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s token privileges to Vault’s root policy. Fixed in Vault Community Edition 1.20.0 and Vault Enterprise 1.20.0, 1.19.6, 1.18.11 and 1.16.22.

Severity ?

7.2 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-266 - Incorrect Privilege Assignment

Assigner

HashiCorp

References

URL

Tags

Impacted products

Vendor

Product

Version

Affected: 0.10.4 , < 1.20.0 (semver)

Affected: 0.10.4 , < 1.20.0 (semver)

Show details on NVD website

https://discuss.hashicorp.com/t/hcsec-2025-17-vau…

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-5999",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-01T18:08:49.600194Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-01T18:08:59.605Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "64 bit",
            "32 bit",
            "x86",
            "ARM",
            "MacOS",
            "Windows",
            "Linux"
          ],
          "product": "Vault",
          "repo": "http://github.com/hashicorp/vault",
          "vendor": "HashiCorp",
          "versions": [
            {
              "lessThan": "1.20.0",
              "status": "affected",
              "version": "0.10.4",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "64 bit",
            "32 bit",
            "x86",
            "ARM",
            "MacOS",
            "Windows",
            "Linux"
          ],
          "product": "Vault Enterprise",
          "repo": "http://github.com/hashicorp/vault",
          "vendor": "HashiCorp",
          "versions": [
            {
              "changes": [
                {
                  "at": "1.19.6",
                  "status": "unaffected"
                },
                {
                  "at": "1.18.11",
                  "status": "unaffected"
                },
                {
                  "at": "1.16.22",
                  "status": "unaffected"
                }
              ],
              "lessThan": "1.20.0",
              "status": "affected",
              "version": "0.10.4",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eA privileged Vault operator with write permissions to the root namespace\u2019s identity endpoint could escalate their own or another user\u2019s token privileges to Vault\u2019s root policy. Fixed in Vault Community Edition 1.20.0 and Vault Enterprise 1.20.0, 1.19.6, 1.18.11 and 1.16.22.\u003c/p\u003e\u003cbr/\u003e"
            }
          ],
          "value": "A privileged Vault operator with write permissions to the root namespace\u2019s identity endpoint could escalate their own or another user\u2019s token privileges to Vault\u2019s root policy. Fixed in Vault Community Edition 1.20.0 and Vault Enterprise 1.20.0, 1.19.6, 1.18.11 and 1.16.22."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233: Privilege Escalation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-266",
              "description": "CWE-266: Incorrect Privilege Assignment",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-01T17:38:58.409Z",
        "orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
        "shortName": "HashiCorp"
      },
      "references": [
        {
          "url": "https://discuss.hashicorp.com/t/hcsec-2025-13-vault-root-namespace-operator-may-elevate-token-privileges/76032"
        }
      ],
      "source": {
        "advisory": "HCSEC-2025-13",
        "discovery": "EXTERNAL"
      },
      "title": "Vault Root Namespace Operator May Elevate Token Privileges"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
    "assignerShortName": "HashiCorp",
    "cveId": "CVE-2025-5999",
    "datePublished": "2025-08-01T17:38:58.409Z",
    "dateReserved": "2025-06-11T14:37:52.021Z",
    "dateUpdated": "2025-08-01T18:08:59.605Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-6014 (GCVE-0-2025-6014)

Vulnerability from cvelistv5 – Published: 2025-08-01 17:50 – Updated: 2025-08-01 18:05

Title

Vault TOTP Secrets Engine Code Reuse

Summary

Vault and Vault Enterprise’s (“Vault”) TOTP Secrets Engine code validation endpoint is susceptible to code reuse within its validity period. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23.

Severity ?

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE

CWE-156 - Improper Neutralization of Whitespace

Assigner

HashiCorp

References

URL

Tags

Impacted products

Vendor

Product

Version

Affected: 0 , < 1.20.1 (semver)

Affected: 0 , < 1.20.1 (semver)

Show details on NVD website

https://discuss.hashicorp.com/t/hcsec-2025-16-vau…

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-6014",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-01T18:05:29.589836Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-01T18:05:37.553Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "64 bit",
            "32 bit",
            "x86",
            "ARM",
            "MacOS",
            "Windows",
            "Linux"
          ],
          "product": "Vault",
          "repo": "https://github.com/hashicorp/vault",
          "vendor": "HashiCorp",
          "versions": [
            {
              "lessThan": "1.20.1",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "64 bit",
            "32 bit",
            "x86",
            "ARM",
            "MacOS",
            "Windows",
            "Linux"
          ],
          "product": "Vault Enterprise",
          "repo": "https://github.com/hashicorp/vault",
          "vendor": "HashiCorp",
          "versions": [
            {
              "changes": [
                {
                  "at": "1.19.7",
                  "status": "unaffected"
                },
                {
                  "at": "1.18.12",
                  "status": "unaffected"
                },
                {
                  "at": "1.16.23",
                  "status": "unaffected"
                }
              ],
              "lessThan": "1.20.1",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eVault and Vault Enterprise\u2019s (\u201cVault\u201d) TOTP Secrets Engine code validation endpoint is susceptible to code reuse within its validity period. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23.\u003c/p\u003e\u003cbr/\u003e"
            }
          ],
          "value": "Vault and Vault Enterprise\u2019s (\u201cVault\u201d) TOTP Secrets Engine code validation endpoint is susceptible to code reuse within its validity period. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-153",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-153: Input Data Manipulation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-156",
              "description": "CWE-156: Improper Neutralization of Whitespace",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-01T17:50:09.308Z",
        "orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
        "shortName": "HashiCorp"
      },
      "references": [
        {
          "url": "https://discuss.hashicorp.com/t/hcsec-2025-17-vault-totp-secrets-engine-code-reuse/76036"
        }
      ],
      "source": {
        "advisory": "HCSEC-2025-17",
        "discovery": "EXTERNAL"
      },
      "title": "Vault TOTP Secrets Engine Code Reuse"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
    "assignerShortName": "HashiCorp",
    "cveId": "CVE-2025-6014",
    "datePublished": "2025-08-01T17:50:09.308Z",
    "dateReserved": "2025-06-11T19:02:59.572Z",
    "dateUpdated": "2025-08-01T18:05:37.553Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-6004 (GCVE-0-2025-6004)

Vulnerability from cvelistv5 – Published: 2025-08-01 17:56 – Updated: 2025-08-01 19:11

Title

Vault Userpass and LDAP User Lockout Bypass

Summary

Vault and Vault Enterprise’s (“Vault”) user lockout feature could be bypassed for Userpass and LDAP authentication methods. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23.

Severity ?

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CWE

CWE-307 - Improper Restriction of Excessive Authentication Attempts

Assigner

HashiCorp

References

URL

Tags

Impacted products

Vendor

Product

Version

Affected: 1.13.0 , < 1.20.1 (semver)

Affected: 1.13.0 , < 1.20.1 (semver)

Show details on NVD website

https://discuss.hashicorp.com/t/hcsec-2025-19-vau…

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-6004",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-01T19:11:39.816519Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-01T19:11:52.729Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "64 bit",
            "32 bit",
            "x86",
            "ARM",
            "MacOS",
            "Windows",
            "Linux"
          ],
          "product": "Vault",
          "repo": "https://github.com/hashicorp/vault",
          "vendor": "HashiCorp",
          "versions": [
            {
              "lessThan": "1.20.1",
              "status": "affected",
              "version": "1.13.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "64 bit",
            "32 bit",
            "x86",
            "ARM",
            "MacOS",
            "Windows",
            "Linux"
          ],
          "product": "Vault Enterprise",
          "repo": "https://github.com/hashicorp/vault",
          "vendor": "HashiCorp",
          "versions": [
            {
              "changes": [
                {
                  "at": "1.19.7",
                  "status": "unaffected"
                },
                {
                  "at": "1.18.12",
                  "status": "unaffected"
                },
                {
                  "at": "1.16.23",
                  "status": "unaffected"
                }
              ],
              "lessThan": "1.20.1",
              "status": "affected",
              "version": "1.13.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eVault and Vault Enterprise\u2019s (\u201cVault\u201d) user lockout feature could be bypassed for Userpass and LDAP authentication methods. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23.\u003c/p\u003e\u003cbr/\u003e"
            }
          ],
          "value": "Vault and Vault Enterprise\u2019s (\u201cVault\u201d) user lockout feature could be bypassed for Userpass and LDAP authentication methods. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-153",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-153: Input Data Manipulation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-307",
              "description": "CWE-307: Improper Restriction of Excessive Authentication Attempts",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-01T17:56:00.780Z",
        "orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
        "shortName": "HashiCorp"
      },
      "references": [
        {
          "url": "https://discuss.hashicorp.com/t/hcsec-2025-16-vault-userpass-and-ldap-user-lockout-bypass/76035"
        }
      ],
      "source": {
        "advisory": "HCSEC-2025-16",
        "discovery": "EXTERNAL"
      },
      "title": "Vault Userpass and LDAP User Lockout Bypass"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
    "assignerShortName": "HashiCorp",
    "cveId": "CVE-2025-6004",
    "datePublished": "2025-08-01T17:56:00.780Z",
    "dateReserved": "2025-06-11T18:36:41.720Z",
    "dateUpdated": "2025-08-01T19:11:52.729Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-6015 (GCVE-0-2025-6015)

Vulnerability from cvelistv5 – Published: 2025-08-01 18:03 – Updated: 2025-08-01 18:35

Title

Vault Login MFA Bypass of Rate Limiting and TOTP Code Reuse

Summary

Vault and Vault Enterprise’s (“Vault”) login MFA rate limits could be bypassed and TOTP tokens could be reused. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23.

Severity ?

5.7 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

CWE

CWE-307 - Improper Restriction of Excessive Authentication Attempts

Assigner

HashiCorp

References

URL

Tags

Impacted products

Vendor

Product

Version

Affected: 1.10.0 , < 1.20.1 (semver)

Affected: 1.10.0 , < 1.20.1 (semver)

Show details on NVD website

https://discuss.hashicorp.com/t/hcsec-2025-18-vau…

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-6015",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-01T18:35:07.893075Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-01T18:35:17.893Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "64 bit",
            "32 bit",
            "x86",
            "ARM",
            "MacOS",
            "Windows",
            "Linux"
          ],
          "product": "Vault",
          "repo": "https://github.com/hashicorp/vault",
          "vendor": "HashiCorp",
          "versions": [
            {
              "lessThan": "1.20.1",
              "status": "affected",
              "version": "1.10.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "64 bit",
            "32 bit",
            "x86",
            "ARM",
            "MacOS",
            "Windows",
            "Linux"
          ],
          "product": "Vault Enterprise",
          "repo": "https://github.com/hashicorp/vault",
          "vendor": "HashiCorp",
          "versions": [
            {
              "changes": [
                {
                  "at": "1.19.7",
                  "status": "unaffected"
                },
                {
                  "at": "1.18.12",
                  "status": "unaffected"
                },
                {
                  "at": "1.16.23",
                  "status": "unaffected"
                }
              ],
              "lessThan": "1.20.1",
              "status": "affected",
              "version": "1.10.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eVault and Vault Enterprise\u2019s (\u201cVault\u201d) login MFA rate limits could be bypassed and TOTP tokens could be reused. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23.\u003c/p\u003e\u003cbr/\u003e"
            }
          ],
          "value": "Vault and Vault Enterprise\u2019s (\u201cVault\u201d) login MFA rate limits could be bypassed and TOTP tokens could be reused. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-114",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-114: Authentication Abuse"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 5.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-307",
              "description": "CWE-307: Improper Restriction of Excessive Authentication Attempts",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-01T18:03:53.214Z",
        "orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
        "shortName": "HashiCorp"
      },
      "references": [
        {
          "url": "https://discuss.hashicorp.com/t/hcsec-2025-19-vault-login-mfa-bypass-of-rate-limiting-and-totp-token-reuse/76038"
        }
      ],
      "source": {
        "advisory": "HCSEC-2025-19",
        "discovery": "EXTERNAL"
      },
      "title": "Vault Login MFA Bypass of Rate Limiting and TOTP Code Reuse"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
    "assignerShortName": "HashiCorp",
    "cveId": "CVE-2025-6015",
    "datePublished": "2025-08-01T18:03:53.214Z",
    "dateReserved": "2025-06-11T19:05:27.750Z",
    "dateUpdated": "2025-08-01T18:35:17.893Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-6037 (GCVE-0-2025-6037)

Vulnerability from cvelistv5 – Published: 2025-08-01 17:52 – Updated: 2025-08-02 03:55

Title

Vault Certificate Auth Method Did Not Validate Common Name For Non-CA Certificates

Summary

Vault and Vault Enterprise (“Vault”) TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as [+trusted certificate+|https://developer.hashicorp.com/vault/api-docs/auth/cert#certificate]. In this configuration, an attacker may be able to craft a malicious certificate that could be used to impersonate another user. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23.

Severity ?

6.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

CWE

CWE-295 - Improper Certificate Validation

Assigner

HashiCorp

References

URL

Tags

Impacted products

Vendor

Product

Version

Affected: 0 , < 1.20.1 (semver)

Affected: 0 , < 1.20.1 (semver)

Show details on NVD website