CVE-2025-6037
Published 2025-08-01
Priority: P433
Severity: medium, CVSS 3.1 base score 6.8
Vector: AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
EPSS: 0.21% (11.2th percentile)
Vault and Vault Enterprise (“Vault”) TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as [trusted certificate](https://developer.hashicorp.com/vault/api-docs/auth/cert#certificate). In this configuration, an attacker may be able to craft a malicious certificate that could be used to impersonate another user. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23.
Affected (7 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | hashicorp_vault | >= 0 < 1.20.1 | 1.20.1 |
| hashicorp | vault | < 1.16.23 | 1.16.23 |
| hashicorp | vault | < 1.20.1 | 1.20.1 |
| hashicorp | vault | — | — |
| hashicorp | vault | >= 1.17.0 < 1.18.12 | 1.18.12 |
| hashicorp | vault | >= 1.19.0 < 1.19.7 | 1.19.7 |
| hashicorp | vault_enterprise | < 1.20.1 | 1.20.1 |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 6.8 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H |
| vendor_redhat | — | 6.8 | MEDIUM | — |
OSV
Hashicorp Vault has Incorrect Validation for Non-CA Certificates in github.com/hashicorp/vault
osv · 2025-08-11
OSV
Hashicorp Vault has Incorrect Validation for Non-CA Certificates
osv · 2025-08-01 · MEDIUM
GHSA
Hashicorp Vault has Incorrect Validation for Non-CA Certificates
ghsa · 2025-08-01 · MEDIUM · CWE-295
Red Hat
github.com/hashicorp/vault: Vault TLS Certificate Authentication Impersonation Vulnerability
vendor_redhat · 2025-08-01 · CVSS 6.8 · MEDIUM · CWE-295
A flaw was found in github.com/hashicorp/vault. The TLS certificate authentication method fails to properly validate client certificates when a non-CA certificate is designated as trusted. This vulnerability enables an attacker
No detection rules found.
No public exploits indexed.