CVE-2025-6037Improper Certificate Validation in Vault Enterprise

CWE-295Improper Certificate Validation6 documents5 sources
Severity
6.8MEDIUMNVD
EPSS
0.1%
top 81.37%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Hashicorp Vault EnterpriseGithub.com Hashicorp VaultHashicorp Vault
Timeline
PublishedAug 1
Latest updateAug 11

Description

Vault and Vault Enterprise (“Vault”) TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as [+trusted certificate+|https://developer.hashicorp.com/vault/api-docs/auth/cert#certificate]. In this configuration, an attacker may be able to craft a malicious certificate that could be used to impersonate another user. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:HExploitability: 0.9 | Impact: 5.9

Affected Packages3 packages

CVEListV5hashicorp/vault_enterprise< 1.20.1
NVDhashicorp/vault1.17.01.18.12+4

🔴Vulnerability Details

3
OSV
Hashicorp Vault has Incorrect Validation for Non-CA Certificates in github.com/hashicorp/vault2025-08-11
OSV
Hashicorp Vault has Incorrect Validation for Non-CA Certificates2025-08-01
GHSA
Hashicorp Vault has Incorrect Validation for Non-CA Certificates2025-08-01

📋Vendor Advisories

1
Red Hat
github.com/hashicorp/vault: Vault TLS Certificate Authentication Impersonation Vulnerability2025-08-01

💬Community

1
Bugzilla
CVE-2025-38180 kernel: Linux kernel: Use-After-Free vulnerability in ATM subsystem2025-07-04