CVE-2025-6000

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2025-6000

Severity

9.1

Critical

CVSS V3

Description

A privileged Vault operator within the root namespace with write permission to {{sys/audit}} may obtain code execution on the underlying host if a plugin directory is set in Vault’s configuration. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23.

References

https://images.chainguard.dev/security/CGA-rr7r-6cgf-vjqc
https://github.com/advisories/GHSA-mr4h-qf9j-f665
https://images.chainguard.dev/security/CGA-hmvw-3fcv-645g
https://images.chainguard.dev/security/CGA-2wh8-p9c3-crqm
https://images.chainguard.dev/security/CGA-hhrw-783h-2vq6
https://images.chainguard.dev/security/CGA-88mh-34m2-f584
https://images.chainguard.dev/security/CGA-hrrq-h8m5-7696
https://images.chainguard.dev/security/CGA-jrf9-jfhq-3gqg
https://images.chainguard.dev/security/CGA-9jvv-j8gr-v4px
https://discuss.hashicorp.com/t/hcsec-2025-14-privileged-vault-operator-may-execute-code-on-the-underlying-host/76033

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

The trusted source for open source

Talk to an expert

Privacy

Terms

CVE-2025-6000

Severity

Description

References

Affected packages

The trusted source for open source

Product

Solutions

Customers

Resources

Company