PT-2025-31663 · Hashicorp+1 · Vault Enterprise+2
Yarden Porat · Published 2025-08-01 · Updated 2025-09-05 · CVE-2025-6037
| CVSS v2.0 | 9.0 (High) |
| Vector | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Vault versions prior to 1.20.1
Vault Enterprise versions prior to 1.20.1
Vault Enterprise versions prior to 1.19.7
Vault Enterprise versions prior to 1.18.12
Vault Enterprise versions prior to 1.16.23
Description
The TLS certificate auth method in Vault and Vault Enterprise did not correctly validate client certificates when a non-CA certificate was configured as a trusted certificate. This potentially allowed an attacker to craft a malicious certificate and impersonate another user.
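The misconfiguration the advisory describes is a trusted certificate that is not a CA. Before (and after) patching, an operator can audit the certificates configured in a cert auth method and flag any that lack a basicConstraints cA=TRUE marking. The Go program below is an added example, not code from the advisory or from the Vault project: it constructs an in-memory CA and a leaf it signs (both hypothetical sample data), then checks each PEM with `IsCACertificate`, which is the audit check a defender would run over the PEM files they uploaded to the auth method.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// IsCACertificate reports whether a PEM-encoded certificate carries a
// basicConstraints extension with cA=TRUE. A trusted certificate that fails
// this check is the "non-CA certificate as a trusted certificate" case the
// advisory refers to and deserves review regardless of Vault version.
func IsCACertificate(pemData []byte) (bool, error) {
	block, _ := pem.Decode(pemData)
	if block == nil || block.Type != "CERTIFICATE" {
		return false, errors.New("no CERTIFICATE PEM block found")
	}
	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return false, err
	}
	return cert.BasicConstraintsValid && cert.IsCA, nil
}

// GenerateSamplePair builds a constructed self-signed CA and a client leaf
// certificate signed by it, purely as sample input for the check above.
func GenerateSamplePair() (caPEM, leafPEM []byte, err error) {
	now := time.Now()
	caKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	caTmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "sample-ca"}, // constructed
		NotBefore:             now.Add(-time.Hour),
		NotAfter:              now.Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
	caDER, err := x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey)
	if err != nil {
		return nil, nil, err
	}
	caCert, err := x509.ParseCertificate(caDER)
	if err != nil {
		return nil, nil, err
	}
	leafKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	leafTmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(2),
		Subject:               pkix.Name{CommonName: "sample-client"}, // constructed
		NotBefore:             now.Add(-time.Hour),
		NotAfter:              now.Add(24 * time.Hour),
		IsCA:                  false,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageDigitalSignature,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	leafDER, err := x509.CreateCertificate(rand.Reader, leafTmpl, caCert, &leafKey.PublicKey, caKey)
	if err != nil {
		return nil, nil, err
	}
	caPEM = pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: caDER})
	leafPEM = pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: leafDER})
	return caPEM, leafPEM, nil
}

func main() {
	caPEM, leafPEM, err := GenerateSamplePair()
	if err != nil {
		panic(err)
	}
	// In practice, iterate over the PEM files configured as trusted
	// certificates in the cert auth method instead of these samples.
	for name, data := range map[string][]byte{"sample-ca": caPEM, "sample-client": leafPEM} {
		isCA, err := IsCACertificate(data)
		switch {
		case err != nil:
			fmt.Printf("%s: unreadable (%v)\n", name, err)
		case isCA:
			fmt.Printf("%s: CA certificate, suitable as a trusted certificate\n", name)
		default:
			fmt.Printf("%s: NOT a CA, review this trusted-certificate entry\n", name)
		}
	}
}
```

The check looks only at basicConstraints; it does not tell you whether a given Vault build validates chains correctly, so it complements the version update in the recommendations rather than replacing it.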
Recommendations
Update Vault to version 1.20.1 or later.
Update Vault Enterprise to version 1.20.1 or later.
Update Vault Enterprise to version 1.19.7 or later.
Update Vault Enterprise to version 1.18.12 or later.
Update Vault Enterprise to version 1.16.23 or later.
Fix
Weakness Enumeration
Improper Certificate Validation
Related Identifiers
Affected Products
Red Os
Vault
Vault Enterprise