PT-2025-31661 · Hashicorp · Vault Community Edition

Yarden Porat · Published 2025-08-01 · Updated 2025-10-11

CVE-2025-6000

CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

- HashiCorp Vault versions prior to 1.20.1
- HashiCorp Vault versions 1.19.7 and earlier
- HashiCorp Vault versions 1.18.12 and earlier
- HashiCorp Vault versions 1.16.23 and earlier
- HashiCorp Vault versions 0.8.0 through 1.16.22
- HashiCorp Vault versions 1.17.x
- HashiCorp Vault versions 1.18.x
- HashiCorp Vault versions 1.19.x
- HashiCorp Vault versions 1.20.0
Description

A privileged Vault operator in the root namespace who holds write permission on the sys/audit endpoint may achieve code execution on the underlying host if a plugin directory is configured in Vault's configuration. The vulnerability therefore allows remote code execution (RCE) via misconfigured plugin directories; note that the CVSS vector's PR:H reflects that the attacker must already hold this highly privileged access.
Recommendations

- HashiCorp Vault versions prior to 1.20.1: Upgrade to version 1.20.1 or later.
- HashiCorp Vault versions 1.19.7 and earlier: Upgrade to version 1.19.7 or later.
- HashiCorp Vault versions 1.18.12 and earlier: Upgrade to version 1.18.12 or later.
- HashiCorp Vault versions 1.16.23 and earlier: Upgrade to version 1.16.23 or later.
- HashiCorp Vault versions 0.8.0 through 1.16.22: Upgrade to version 1.20.1 or later.
- HashiCorp Vault versions 1.17.x: Upgrade to version 1.20.1 or later.
- HashiCorp Vault versions 1.18.x: Upgrade to version 1.20.1 or later.
- HashiCorp Vault versions 1.19.x: Upgrade to version 1.20.1 or later.
- HashiCorp Vault versions 1.20.0: Upgrade to version 1.20.1 or later.

Tags: Fix · RCE · Code Injection

Weakness Enumeration

Related Identifiers

ALT-PU-2025-12480
ALT-PU-2025-12489
BDU:2025-09562
BIT-VAULT-2025-6000
CVE-2025-6000
GHSA-MR4H-QF9J-F665
GHSA-XP75-R577-CVHP
GO-2025-3838
GO-2025-3858
OPENSUSE-SU-2025:15434-1
OPENSUSE-SU-2025:15460-1
SUSE-SU-2025:02912-1

Affected Products

Alt Linux
Red Os
Vault
Vault Community Edition
Vault Enterprise