CVSS: 3.7EPSS: 0%CPEs: 2EXPL: 0CVE-2025-6011 – Timing Side-Channel in Vault’s Userpass Auth Method
https://notcve.org/view.php?id=CVE-2025-6011
01 Aug 2025 — A timing side channel in Vault and Vault Enterprise’s (“Vault”) userpass auth method allowed an attacker to distinguish between existing and non-existing users, and potentially enumerate valid usernames for Vault’s Userpass auth method. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23. Un canal lateral de temporización en el método de autenticación por contraseña de usuario de Vault y Vault Enterprise (Vault) permitía a un atacante distinguir entre usuarios e... • https://discuss.hashicorp.com/t/hcsec-2025-15-timing-side-channel-in-vault-s-userpass-auth-method/76034 • CWE-203: Observable Discrepancy •
CVSS: 8.3EPSS: 0%CPEs: 2EXPL: 0CVE-2025-6037 – Vault Certificate Auth Method Did Not Validate Common Name For Non-CA Certificates
https://notcve.org/view.php?id=CVE-2025-6037
01 Aug 2025 — Vault and Vault Enterprise (“Vault”) TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as [+trusted certificate+|https://developer.hashicorp.com/vault/api-docs/auth/cert#certificate]. In this configuration, an attacker may be able to craft a malicious certificate that could be used to impersonate another user. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23. El método de autenticación de cert... • https://discuss.hashicorp.com/t/hcsec-2025-18-vault-certificate-auth-method-did-not-validate-common-name-for-non-ca-certificates/76037 • CWE-295: Improper Certificate Validation •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-6014 – Vault TOTP Secrets Engine Code Reuse
https://notcve.org/view.php?id=CVE-2025-6014
01 Aug 2025 — Vault and Vault Enterprise’s (“Vault”) TOTP Secrets Engine code validation endpoint is susceptible to code reuse within its validity period. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23. El endpoint de validación de código del motor de secretos TOTP de Vault y Vault Enterprise (Vault) es susceptible de reutilización dentro de su periodo de validez. Corregido en Vault Community Edition 1.20.1 y Vault Enterprise 1.20.1, 1.19.7, 1.18.12 y 1.16.23. • https://discuss.hashicorp.com/t/hcsec-2025-17-vault-totp-secrets-engine-code-reuse/76036 • CWE-156: Improper Neutralization of Whitespace •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2025-6000 – Arbitrary Remote Code Execution via Plugin Catalog Abuse
https://notcve.org/view.php?id=CVE-2025-6000
01 Aug 2025 — A privileged Vault operator within the root namespace with write permission to {{sys/audit}} may obtain code execution on the underlying host if a plugin directory is set in Vault’s configuration. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23. Un operador privilegiado de Vault dentro del espacio de nombres raíz con permiso de escritura en {{sys/audit}} puede obtener la ejecución de código en el host subyacente si se establece un directorio de complementos ... • https://discuss.hashicorp.com/t/hcsec-2025-14-privileged-vault-operator-may-execute-code-on-the-underlying-host/76033 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.3EPSS: 0%CPEs: 2EXPL: 0CVE-2025-5999 – Vault Root Namespace Operator May Elevate Token Privileges
https://notcve.org/view.php?id=CVE-2025-5999
01 Aug 2025 — A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s token privileges to Vault’s root policy. Fixed in Vault Community Edition 1.20.0 and Vault Enterprise 1.20.0, 1.19.6, 1.18.11 and 1.16.22. Un operador privilegiado de Vault con permisos de escritura en el endpoint de identidad del espacio de nombres raíz podría escalar sus propios privilegios de token o los de otro usuario a la política root de Vault. Corregido en Vault Com... • https://discuss.hashicorp.com/t/hcsec-2025-13-vault-root-namespace-operator-may-elevate-token-privileges/76032 • CWE-266: Incorrect Privilege Assignment •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2025-3879 – Vault’s Azure Authentication Method bound_location Restriction Could be Bypassed on Login
https://notcve.org/view.php?id=CVE-2025-3879
02 May 2025 — Vault Community, Vault Enterprise (“Vault”) Azure Auth method did not correctly validate the claims in the Azure-issued token, resulting in the potential bypass of the bound_locations parameter on login. Fixed in Vault Community Edition 1.19.1 and Vault Enterprise 1.19.1, 1.18.7, 1.17.14, 1.16.18. These are all security issues fixed in the govulncheck-vulndb-0.0.20250506T153719-1.1 package on the GA media of openSUSE Tumbleweed. • https://discuss.hashicorp.com/t/hcsec-2025-07-vault-s-azure-authentication-method-bound-location-restriction-could-be-bypassed-on-login/74716 • CWE-863: Incorrect Authorization •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-4166 – Vault May Include Sensitive Data in Error Logs When Using the KV v2 Plugin
https://notcve.org/view.php?id=CVE-2025-4166
02 May 2025 — Vault Community and Vault Enterprise Key/Value (kv) Version 2 plugin may unintentionally expose sensitive information in server and audit logs when users submit malformed payloads during secret creation or update operations via the Vault REST API. This vulnerability, identified as CVE-2025-4166, is fixed in Vault Community 1.19.3 and Vault Enterprise 1.19.3, 1.18.9, 1.17.16, 1.16.20. These are all security issues fixed in the govulncheck-vulndb-0.0.20250506T153719-1.1 package on the GA media of openSUSE Tum... • https://discuss.hashicorp.com/t/hcsec-2025-09-vault-may-expose-sensitive-information-in-error-logs-when-processing-malformed-data-with-the-kv-v2-plugin • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 8.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-9180 – Vault Operators in Root Namespace May Elevate Their Privileges
https://notcve.org/view.php?id=CVE-2024-9180
10 Oct 2024 — A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s privileges to Vault’s root policy. Fixed in Vault Community Edition 1.18.0 and Vault Enterprise 1.18.0, 1.17.7, 1.16.11, and 1.15.16. An update that fixes 56 vulnerabilities, contains one feature is now available. This update for govulncheck-vulndb fixes the following issues. • https://discuss.hashicorp.com/t/hcsec-2024-21-vault-operators-in-root-namespace-may-elevate-their-privileges/70565 • CWE-266: Incorrect Privilege Assignment •
CVSS: 2.6EPSS: 0%CPEs: 2EXPL: 0CVE-2024-5798 – Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims
https://notcve.org/view.php?id=CVE-2024-5798
12 Jun 2024 — Vault and Vault Enterprise did not properly validate the JSON Web Token (JWT) role-bound audience claim when using the Vault JWT auth method. This may have resulted in Vault validating a JWT the audience and role-bound claims do not match, allowing an invalid login to succeed when it should have been rejected. This vulnerability, CVE-2024-5798, was fixed in Vault and Vault Enterprise 1.17.0, 1.16.3, and 1.15.9 Vault y Vault Enterprise no validaron correctamente la reclamación de audiencia vinculada a roles ... • https://discuss.hashicorp.com/t/hcsec-2024-11-vault-incorrectly-validated-json-web-tokens-jwt-audience-claims/67770 • CWE-285: Improper Authorization •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2023-6337 – Vault May be Vulnerable to a Denial of Service Through Memory Exhaustion When Handling Large HTTP Requests
https://notcve.org/view.php?id=CVE-2023-6337
08 Dec 2023 — HashiCorp Vault and Vault Enterprise 1.12.0 and newer are vulnerable to a denial of service through memory exhaustion of the host when handling large unauthenticated and authenticated HTTP requests from a client. Vault will attempt to map the request to memory, resulting in the exhaustion of available memory on the host, which may cause Vault to crash. Fixed in Vault 1.15.4, 1.14.8, 1.13.12. HashiCorp Vault y Vault Enterprise 1.12.0 y versiones posteriores son vulnerables a una denegación de servicio debido... • https://discuss.hashicorp.com/t/hcsec-2023-34-vault-vulnerable-to-denial-of-service-through-memory-exhaustion-when-handling-large-http-requests/60741 • CWE-770: Allocation of Resources Without Limits or Throttling •