CVE-2025-6037

Published Aug 1, 2025

Last updated 7 months ago

CVSS medium 6.8

hsm

Overview

Description: Vault and Vault Enterprise (“Vault”) TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as [+trusted certificate+|https://developer.hashicorp.com/vault/api-docs/auth/cert#certificate]. In this configuration, an attacker may be able to craft a malicious certificate that could be used to impersonate another user. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23.
Source: security@hashicorp.com
NVD status: Analyzed
Products: vault

Risk scores

CVSS 3.1

Type: Secondary
Base score: 6.8
Impact score: 5.9
Exploitability score: 0.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
Severity: MEDIUM

Weaknesses

security@hashicorp.com: CWE-295

Hype score: Not currently trending

CVE-2025-6037 Vault and Vault Enterprise (“Vault”) TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as [+trusted c… https://t.co/nL99cTnKq2
@CVEnew
1 Aug 2025
353 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
            "matchCriteriaId": "FACD8B3A-DF81-45FE-A046-C52946E2FCC4",
            "versionEndExcluding": "1.16.23",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*",
            "matchCriteriaId": "3AC59271-E95C-433B-A789-F30C3DDBD579",
            "versionEndExcluding": "1.20.1",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
            "matchCriteriaId": "9E750D53-BBA7-4922-85CA-E55852B0A23A",
            "versionEndExcluding": "1.18.12",
            "versionStartIncluding": "1.17.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
            "matchCriteriaId": "EE2F3725-EADA-4406-9D63-8EDAF161CE2A",
            "versionEndExcluding": "1.19.7",
            "versionStartIncluding": "1.19.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:hashicorp:vault:1.20.0:*:*:*:enterprise:*:*:*",
            "matchCriteriaId": "562AD4B9-82F5-45C4-9214-7428247B790A",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

Related CVEs

References