- Description
- A privileged Vault operator within the root namespace with write permission to sys/audit may obtain code execution on the underlying host if a plugin directory is set in Vault’s configuration. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23.
- Source
- security@hashicorp.com
- NVD status
- Analyzed
- Products
- vault
CVSS 3.1
- Type
- Secondary
- Base score
- 9.1
- Impact score
- 6
- Exploitability score
- 2.3
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
- Severity
- CRITICAL
- security@hashicorp.com
- CWE-94
- Hype score
- Not currently trending
#VulnerabilityReport #CVE20256000 Critical HashiCorp Vault Flaw (CVE-2025-6000) Allows Code Execution for Privileged Users https://t.co/NpB2IJXuY9
@Komodosec
8 Sept 2025
Warning: A Critical RCE vulnerability in #HashiCorp Vault enables attackers to execute arbitrary code, bypass auth, escalate privileges & impersonate users. #CVE-2025-6000 CVSS(3.1): 9.1 Read the advisory: https://t.co/UjtEKYG1SA and #patch #patch #patch
@CCBalert
11 Aug 2025
A critical vulnerability has been disclosed in HashiCorp Vault, tracked as CVE-2025-6000 (CVSS score 9.1), which allows a privileged attacker with write access to the sys/audit endpoint to remotely execute arbitrary code on the host system. This vulnerability affects Vault http
@zakpatrik
4 Aug 2025
HashiCorp has fixed a critical vulnerability in Vault (CVE-2025-6000, CVSS 9.1). By abusing Vault's audit log feature (sys/audit), a privileged operator may be able to execute arbitrary code on the host.
@yousukezan
4 Aug 2025
🚨 CRITICAL: CVE-2025-6000 exposes HashiCorp Vault (0.8.0+) to code injection if a plugin dir is set. Privileged operators can gain host access. Patch to 1.20.1+ ASAP! 🔒 https://t.co/LtHmxaImat #OffSeq #HashiCo... https://t.co/aLxx5yvx3Y
@offseq
2 Aug 2025
CVE-2025-6000 can lead to remote code execution in HashiCorp Vault through an insecure plugin path. Upgrade as soon as possible to protect your environment. #säkerhet #cybersäkerhet #CVE
@Sakerhetsblogg
1 Aug 2025
[CVE-2025-6000: CRITICAL] Critical security vulnerability in Vault fixed in versions 1.20.1 & 1.19.7, 1.18.12, and 1.16.23. Attackers could gain code execution, affecting cyber security.#cve,CVE-2025-6000,#cybersecurity https://t.co/icXcrAB4kJ https://t.co/WiBEwH5rqL
@CveFindCom
1 Aug 2025
CVE-2025-6000 A privileged Vault operator within the root namespace with write permission to {{sys/audit}} may obtain code execution on the underlying host if a plugin directory is s… https://t.co/W8cEQOV36l
@CVEnew
1 Aug 2025
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "FCD327AD-C93D-4353-8717-BEB4E151CCF7",
"versionEndExcluding": "1.16.23",
"versionStartIncluding": "0.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*",
"matchCriteriaId": "C598E548-B50B-4E40-9BA5-9CEF42699F4C",
"versionEndExcluding": "1.20.1",
"versionStartIncluding": "0.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "9E750D53-BBA7-4922-85CA-E55852B0A23A",
"versionEndExcluding": "1.18.12",
"versionStartIncluding": "1.17.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "EE2F3725-EADA-4406-9D63-8EDAF161CE2A",
"versionEndExcluding": "1.19.7",
"versionStartIncluding": "1.19.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:1.20.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "562AD4B9-82F5-45C4-9214-7428247B790A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]