How does the HashiCorp Vault exploit work?

An attacker with privileged Vault operator permissions can use Vault's file audit component to write a malicious executable to the server's plugin directory, use the sys/audit-hash endpoint to calculate the required SHA256 hash for validation, then register the malicious file as a legitimate Vault plugin, causing Vault to execute their code.

What permissions are required to exploit this vulnerability?

The attacker must already have high-level administrative access to Vault's root namespace with sys/audit write permissions. This isn't something an external attacker can do remotely without first compromising privileged credentials.

Which versions of HashiCorp Vault are affected?

Affected versions include Vault Community Edition from version 0.8.0 up to but not including 1.20.1, and Vault Enterprise from version 0.8.0 up to but not including versions 1.20.0, 1.19.6, 1.18.11, 1.16.22, and 1.15.15.

What patches are available for this HashiCorp Vault vulnerability?

HashiCorp has released patches across multiple version branches. Fixed versions are available in Vault Community Edition 1.20.1 and Vault Enterprise versions 1.20.1, 1.19.7, 1.18.12, and 1.16.23.

Advisory

HashiCorp patches critical flaw in Vault allowing privileged code execution

Q: What vulnerability was discovered in HashiCorp Vault?

HashiCorp reported a critical vulnerability in its Vault secrets management platform that could allow privileged operators to execute arbitrary code on the underlying host system. The flaw is tracked as CVE-2025-6000 with a CVSS score of 9.1.

Q: What can attackers do with this HashiCorp Vault vulnerability?

The vulnerability enables authenticated operators with elevated privileges within Vault's root namespace to write files to arbitrary locations on the server and potentially achieve complete system compromise by executing arbitrary code with full system privileges.

Q: Is HashiCorp's managed HCP Vault Dedicated service affected?

No, the vulnerability cannot be exploited in HashiCorp's managed HCP Vault Dedicated service due to its implementation of administrative namespaces.

Q: What scenarios could lead to exploitation of this vulnerability?

While the attacker needs high-level administrative access, if a privileged user is compromised through an infostealer, other malware, or phishing attacks, this vulnerability can be exploited to fully compromise the Vault system.

published: Aug. 4, 2025

Take action: If you're running HashiCorp Vault, advise your Vault admins of this risk and remind them of best practices for avoiding phishing and malware on their systems and accounts. Then plan a regular update cycle of Vault. Just don't ignore this.

Learn More

HashiCorp is reporting a critical vulnerability in its Vault secrets management platform that could allow privileged operators to execute arbitrary code on the underlying host system. The flaw is mitigated by the very high initial permissions required to exploit it.

The flaw is tracked as CVE-2025-6000 (CVSS score 9.1) and enables authenticated operators with elevated privileges within Vault's root namespace to write files to arbitrary locations on the server and potentially achieve complete system compromise.

An attacker with privileged Vault operator permissions (with sys/audit write permissions) can use Vault's file audit component to write a malicious executable file directly to the server's plugin directory.
The attacker will use the Vault's sys/audit-hash endpoint to calculate the exact SHA256 hash that Vault requires to validate and execute the malicious file as a legitimate plugin.
The attacker then registers their malicious file as a Vault plugin using the calculated hash, causing Vault to execute their code with full system privileges on the underlying host.

Additionally, security researchers from Cyata, report multiple additional vulnerabilities in Hashicorp Vault

CVE-2025-5999 (CVSS 7.2) - Privilege Escalation to Root via Case Manipulation
CVE-2025-6037 (CVSS 6.8) - Certificate Authentication – Missing CommonName Validation
CVE-2025-6037 (CVSS 6.8) - Certificate Authentication – Missing CommonName Validation
CVE-2025-6010 - Redacted (Pending Fix) - Temporarily withheld from publication at vendor request
CVE-2025-6013 (CVSS 6.5) - LDAP MFA enforcement Bypass
CVE-2025-6014 (CVSS 6.5) - TOTP Secret Engine – Reuse of "One-Time" Codes
CVE-2025-6016 (CVSS 5.7) - TOTP MFA Code Enumeration and Bypass of Rate Limiting
CVE-2025-6004 (CVSS 5.3) - Userpass Lockout Bypass via Username Normalization and LDAP Lockout Bypass via Username Normalization
CVE-2025-6011 (CVSS 3.7) - Timing Side Channel in Userpass Authentication

NOTE - The attacker must already have high-level administrative access to Vault's root namespace - this isn't something an external attacker can do remotely without first compromising privileged credentials. Nevertheless, if a privileged user is compromised (through an infostealer, other malware or phishing) this vector can be exploited to fully compromise the Vault system.

Affected versions of HashiCorp Vault include:

Vault Community Edition from version 0.8.0 up to but not including 1.20.1
Vault Enterprise from version 0.8.0 up to but not including 1.20.0, 1.19.6, 1.18.11, 1.16.22, and 1.15.15

The vulnerability can't be exploited in HashiCorp's managed HCP Vault Dedicated service due to its implementation of administrative namespaces.

HashiCorp has released patches across multiple version branches to address the vulnerability. Fixed versions are now available in Vault Community Edition 1.20.1 and Vault Enterprise versions 1.20.1, 1.19.7, 1.18.12, and 1.16.23.

HashiCorp patches critical flaw in Vault allowing privileged code execution

Read More
Elastic fixes critical prototype pollution flaw in Kibana
GNU C Library flaw allows local attackers to …
Elastic reports critical vulnerabilities in Kibana, releases patch
CISA reports actively exploited Critical HPE OneView flaw
Critical Adobe Experience Manager flaw actively exploited