Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2025/08/04 9:33 a.m.4 views

CVE-2025-6000

A flaw was found in github.com/hashicorp/vault. This vulnerability allows a privileged Vault operator with write access to the sys/audit endpoint to achieve code execution on the host system if a plugin directory is configured. This issue arises from the operator's ability to write malicious code...

9.1CVSS6.7AI score0.00867EPSS
Exploits0References5
Circl
Circl
added 2025/08/02 7:31 a.m.11 views

CVE-2025-6000

creationtimestamp| type| source ---|---|--- 2025-08-02 07:31:39+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3lvfniqwniw2u 2025-08-04 16:30:36+00:00| seen| https://bsky.app/profile/thedailytechfeed.com/post/3lvlmk6ewnk2e 2025-08-07 01:58:03+00:00| seen|...

9.1CVSS7.2AI score0.00867EPSS
Exploits0References5
OSV
OSV
added 2025/08/01 5:40 p.m.5 views

CVE-2025-6000 Arbitrary Remote Code Execution via Plugin Catalog Abuse

A privileged Vault operator within the root namespace with write permission to sys/audit may obtain code execution on the underlying host if a plugin directory is set in Vault’s configuration. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23...

9.1CVSS7.7AI score0.00867EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/08/01 5:40 p.m.5 views

CVE-2025-6000 Arbitrary Remote Code Execution via Plugin Catalog Abuse

A privileged Vault operator within the root namespace with write permission to sys/audit may obtain code execution on the underlying host if a plugin directory is set in Vault’s configuration. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23...

9.1CVSS6.9AI score0.00867EPSS
Exploits0References1
CVE
CVE
added 2025/08/01 5:40 p.m.89 views

CVE-2025-6000

CVE-2025-6000 affects HashiCorp Vault where a privileged Vault operator in the root namespace with write access to {{sys/audit}} can trigger code execution on the host via a misconfigured plugin directory. Connected advisories corroborate the root-namespace operator scenario and the plugin-direct...

9.1CVSS7.6AI score0.00867EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/08/01 5:40 p.m.11 views

CVE-2025-6000 Arbitrary Remote Code Execution via Plugin Catalog Abuse

A privileged Vault operator within the root namespace with write permission to sys/audit may obtain code execution on the underlying host if a plugin directory is set in Vault’s configuration. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23...

9.1CVSS0.00867EPSS
Exploits0References1
Rows per page
Query Builder