Advanced Threat Data Export

Filter and download the raw CVE repository (CSV/JSON) for SIEM integration and internal reporting.

Vulnerability Keyword

Date Range

Severity

Format

Upgrade Package

Data export is locked. Upgrade your package to enable filtering and downloading.

← Back to CVE List

CVE-2025-6000NVD

Description

A privileged Vault operator within the root namespace with write permission to {{sys/audit}} may obtain code execution on the underlying host if a plugin directory is set in Vault’s configuration. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23.

Severity Level

CRITICAL (9.1)

Published Date

01/08/2025

Last Modified

13/08/2025

Exploitation Status

UNKNOWN

References

https://discuss.hashicorp.com/t/hcsec-2025-14-privileged-vault-operator-may-execute-code-on-the-underlying-host/76033