6 matches found
CVE-2025-6000
A flaw was found in github.com/hashicorp/vault. This vulnerability allows a privileged Vault operator with write access to the sys/audit endpoint to achieve code execution on the host system if a plugin directory is configured. This issue arises from the operator's ability to write malicious code...
CVE-2025-6000
creationtimestamp| type| source ---|---|--- 2025-08-02 07:31:39+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3lvfniqwniw2u 2025-08-04 16:30:36+00:00| seen| https://bsky.app/profile/thedailytechfeed.com/post/3lvlmk6ewnk2e 2025-08-07 01:58:03+00:00| seen|...
CVE-2025-6000 Arbitrary Remote Code Execution via Plugin Catalog Abuse
A privileged Vault operator within the root namespace with write permission to sys/audit may obtain code execution on the underlying host if a plugin directory is set in Vault’s configuration. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23...
CVE-2025-6000 Arbitrary Remote Code Execution via Plugin Catalog Abuse
A privileged Vault operator within the root namespace with write permission to sys/audit may obtain code execution on the underlying host if a plugin directory is set in Vault’s configuration. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23...
CVE-2025-6000
CVE-2025-6000 affects HashiCorp Vault where a privileged Vault operator in the root namespace with write access to {{sys/audit}} can trigger code execution on the host via a misconfigured plugin directory. Connected advisories corroborate the root-namespace operator scenario and the plugin-direct...
CVE-2025-6000 Arbitrary Remote Code Execution via Plugin Catalog Abuse
A privileged Vault operator within the root namespace with write permission to sys/audit may obtain code execution on the underlying host if a plugin directory is set in Vault’s configuration. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23...