CVE-2025-6000 — Code Injection in Vault Enterprise

CWE-94 — Code Injection11 documents7 sources

Severity

9.1CRITICALNVD

EPSS

0.2%

top 57.79%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Hashicorp Vault Enterprise Github.com Hashicorp Vault Github.com Openbao Openbao +1 more

Timeline

PublishedAug 1

Latest updateAug 11

Description

A privileged Vault operator within the root namespace with write permission to {{sys/audit}} may obtain code execution on the underlying host if a plugin directory is set in Vault’s configuration. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:HExploitability: 2.3 | Impact: 6.0

Affected Packages4 packages

▶CVEListV5hashicorp/vault_enterprise0.8.0 — 1.20.1

▶NVDhashicorp/vault0.8.0 — 1.16.23+4

▶Gogithub.com/hashicorp_vault0.8.0 — 1.20.1

▶Gogithub.com/openbao_openbao0.1.0 — 2.3.2+1

🔴Vulnerability Details

OSV

Hashicorp Vault has Code Execution Vulnerability via Plugin Configuration in github.com/hashicorp/vault↗2025-08-11

▶

GHSA

Privileged OpenBao Operator May Execute Code on the Underlying Host↗2025-08-08

▶

OSV

Privileged OpenBao Operator May Execute Code on the Underlying Host↗2025-08-08

▶

OSV

Hashicorp Vault has Code Execution Vulnerability via Plugin Configuration↗2025-08-01

▶

GHSA

Hashicorp Vault has Code Execution Vulnerability via Plugin Configuration↗2025-08-01

▶

💥Exploits & PoCs

Exploit-DB

atjiu pybbs 6.0.0 - Cross Site Scripting (XSS)↗2025-08-11

▶

Nuclei

Mitel 6000 - OS Command Injection

▶

📋Vendor Advisories

Red Hat

github.com/hashicorp/vault: Vault Plugin Code Execution Vulnerability↗2025-08-01

▶