CVE-2025-3879
Published 2025-05-02
Priority: P3 · 51 · high · 8.8 (CVSS 3.1) · AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.35% (27.0th percentile)
Vault Community, Vault Enterprise (“Vault”) Azure Auth method did not correctly validate the claims in the Azure-issued token, resulting in the potential bypass of the bound_locations parameter on login. Fixed in Vault Community Edition 1.19.1 and Vault Enterprise 1.19.1, 1.18.7, 1.17.14, 1.16.18.
Affected (7 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | hashicorp_vault | >= 1.10.0 < 1.19.1 | 1.19.1 |
| hashicorp | vault | — | — |
| hashicorp | vault | >= 0.10.0 < 1.16.18 | 1.16.18 |
| hashicorp | vault | >= 0.10.0 < 1.19.1 | 1.19.1 |
| hashicorp | vault | >= 1.17.0 < 1.17.14 | 1.17.14 |
| hashicorp | vault | >= 1.18.0 < 1.18.7 | 1.18.7 |
| hashicorp | vault_enterprise | >= 0.10.0 < 1.19.1 | 1.19.1 |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| vendor_redhat | — | 6.6 | MEDIUM | — |
Red Hat
vault: Vault’s Azure Authentication Method bound_location Restriction Could be Bypassed on Login
vendor_redhat · 2025-05-02 · CVSS 6.6 (MEDIUM) · CWE-863
A flaw was found in the Hashicorp Vault component. Vault Community, Vault Enterprise (“Vault”) Azure Auth method did not correctly validate the claims in the Azure-issued token, resulting in the potential bypass of the bound_locations parameter on login.
The user-provided vm_name or vmss_name login parameters were not validated against the Azure-issued token claims. Setting a vm_name or vmss_name th
OSV
Hashicorp Vault Community vulnerable to Incorrect Authorization in github.com/hashicorp/vault
osv · 2025-05-06
OSV
Hashicorp Vault Community vulnerable to Incorrect Authorization
osv · 2025-05-02 · MEDIUM
GHSA
Hashicorp Vault Community vulnerable to Incorrect Authorization
ghsa · 2025-05-02 · MEDIUM · CWE-863
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2025-05-02