CVE-2025-6000

Summary

A privileged Vault operator within the root namespace with write permission to {{sys/audit}} may obtain code execution on the underlying host if a plugin directory is set in Vault’s configuration. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23.

Affected Software

VendorProductVersion RangeStatus
HashiCorpVault0.8.0 < 1.20.1affected
HashiCorpVault Enterprise0.8.0 < 1.20.1affected

Weaknesses

  • CWE-94: CWE-94: Improper Control of Generation of Code (Code Injection)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References