Lucene search
K

5 matches found

NVD
NVD
added 2025/08/01 6:15 p.m.23 views

CVE-2025-6037

Vault and Vault Enterprise “Vault” TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as +trusted certificate+|https://developer.hashicorp.com/vault/api-docs/auth/certcertificate. In this configuration, an attacker may be able to...

6.8CVSS0.00221EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/08/01 5:52 p.m.5 views

CVE-2025-6037 Vault Certificate Auth Method Did Not Validate Common Name For Non-CA Certificates

Vault and Vault Enterprise “Vault” TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as +trusted certificate+|https://developer.hashicorp.com/vault/api-docs/auth/certcertificate. In this configuration, an attacker may be able to...

6.8CVSS6.3AI score0.00221EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/08/01 5:52 p.m.27 views

CVE-2025-6037 Vault Certificate Auth Method Did Not Validate Common Name For Non-CA Certificates

Vault and Vault Enterprise “Vault” TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as +trusted certificate+|https://developer.hashicorp.com/vault/api-docs/auth/certcertificate. In this configuration, an attacker may be able to...

6.8CVSS0.00221EPSS
Exploits0References1
CVE
CVE
added 2025/08/01 5:52 p.m.49 views

CVE-2025-6037

CVE-2025-6037: HashiCorp Vault and Vault Enterprise TLS certificate authentication failed to validate client certificates when configured with non-CA certificates as trusted, potentially allowing impersonation. Affected products: Vault Community Edition and Vault Enterprise; root cause: incorrect...

6.8CVSS6.9AI score0.00221EPSS
Exploits0References1Affected Software1
HashiCorp Security Advisories
HashiCorp Security Advisories
added 2025/08/01 5:24 p.m.9 views

Vault Certificate Auth Method Did Not Validate Common Name For Non-CA Certificates

Summary Vault and Vault Enterprise “Vault” TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as trusted certificate . In this configuration, an attacker may be able to craft a malicious certificate that could be used to impersonat...

6.8CVSS6.8AI score0.00221EPSS
Exploits0Affected Software1
Rows per page
Query Builder