CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-6000

A privileged Vault operator within the root namespace with write permission to {{sys/audit}} may obtain code execution on the underlying host if a plugin directory is set in Vault’s configuration. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 27.4%

CVSS Severity

CVSS v3 Score 9.1

References

https://discuss.hashicorp.com/t/hcsec-2025-14-privileged-vault-operator-may-execute-code-on-the-underlying-host/76033

Products affected by CVE-2025-6000

Hashicorp » Vault » Version: 0.10.0

cpe:2.3:a:hashicorp:vault:0.10.0
Hashicorp » Vault » Version: 0.10.4

cpe:2.3:a:hashicorp:vault:0.10.4
Hashicorp » Vault » Version: 0.11.0

cpe:2.3:a:hashicorp:vault:0.11.0
Hashicorp » Vault » Version: 0.8.0

cpe:2.3:a:hashicorp:vault:0.8.0
Hashicorp » Vault » Version: 0.9.2

cpe:2.3:a:hashicorp:vault:0.9.2
Hashicorp » Vault » Version: 1.0.0

cpe:2.3:a:hashicorp:vault:1.0.0
Hashicorp » Vault » Version: 1.0.1

cpe:2.3:a:hashicorp:vault:1.0.1
Hashicorp » Vault » Version: 1.0.2

cpe:2.3:a:hashicorp:vault:1.0.2
Hashicorp » Vault » Version: 1.0.3

cpe:2.3:a:hashicorp:vault:1.0.3
Hashicorp » Vault » Version: 1.1.0

cpe:2.3:a:hashicorp:vault:1.1.0
Hashicorp » Vault » Version: 1.1.1

cpe:2.3:a:hashicorp:vault:1.1.1
Hashicorp » Vault » Version: 1.1.2

cpe:2.3:a:hashicorp:vault:1.1.2
Hashicorp » Vault » Version: 1.1.3

cpe:2.3:a:hashicorp:vault:1.1.3
Hashicorp » Vault » Version: 1.1.4

cpe:2.3:a:hashicorp:vault:1.1.4
Hashicorp » Vault » Version: 1.1.5

cpe:2.3:a:hashicorp:vault:1.1.5
Hashicorp » Vault » Version: 1.10.0

cpe:2.3:a:hashicorp:vault:1.10.0
Hashicorp » Vault » Version: 1.10.11

cpe:2.3:a:hashicorp:vault:1.10.11
Hashicorp » Vault » Version: 1.10.2

cpe:2.3:a:hashicorp:vault:1.10.2
Hashicorp » Vault » Version: 1.10.3

cpe:2.3:a:hashicorp:vault:1.10.3
Hashicorp » Vault » Version: 1.10.7

cpe:2.3:a:hashicorp:vault:1.10.7
Hashicorp » Vault » Version: 1.11.0

cpe:2.3:a:hashicorp:vault:1.11.0
Hashicorp » Vault » Version: 1.11.3

cpe:2.3:a:hashicorp:vault:1.11.3
Hashicorp » Vault » Version: 1.11.4

cpe:2.3:a:hashicorp:vault:1.11.4
Hashicorp » Vault » Version: 1.11.8

cpe:2.3:a:hashicorp:vault:1.11.8
Hashicorp » Vault » Version: 1.12.0

cpe:2.3:a:hashicorp:vault:1.12.0
Hashicorp » Vault » Version: 1.12.11

cpe:2.3:a:hashicorp:vault:1.12.11
Hashicorp » Vault » Version: 1.12.4

cpe:2.3:a:hashicorp:vault:1.12.4
Hashicorp » Vault » Version: 1.12.8

cpe:2.3:a:hashicorp:vault:1.12.8
Hashicorp » Vault » Version: 1.13.0

cpe:2.3:a:hashicorp:vault:1.13.0
Hashicorp » Vault » Version: 1.13.10

cpe:2.3:a:hashicorp:vault:1.13.10
Hashicorp » Vault » Version: 1.13.4

cpe:2.3:a:hashicorp:vault:1.13.4
Hashicorp » Vault » Version: 1.13.5

cpe:2.3:a:hashicorp:vault:1.13.5
Hashicorp » Vault » Version: 1.13.7

cpe:2.3:a:hashicorp:vault:1.13.7
Hashicorp » Vault » Version: 1.13.8

cpe:2.3:a:hashicorp:vault:1.13.8
Hashicorp » Vault » Version: 1.14.0

cpe:2.3:a:hashicorp:vault:1.14.0
Hashicorp » Vault » Version: 1.14.1

cpe:2.3:a:hashicorp:vault:1.14.1
Hashicorp » Vault » Version: 1.14.10

cpe:2.3:a:hashicorp:vault:1.14.10
Hashicorp » Vault » Version: 1.14.11

cpe:2.3:a:hashicorp:vault:1.14.11
Hashicorp » Vault » Version: 1.14.12

cpe:2.3:a:hashicorp:vault:1.14.12
Hashicorp » Vault » Version: 1.14.13

cpe:2.3:a:hashicorp:vault:1.14.13
Hashicorp » Vault » Version: 1.14.2

cpe:2.3:a:hashicorp:vault:1.14.2
Hashicorp » Vault » Version: 1.14.3

cpe:2.3:a:hashicorp:vault:1.14.3
Hashicorp » Vault » Version: 1.14.4

cpe:2.3:a:hashicorp:vault:1.14.4
Hashicorp » Vault » Version: 1.14.5

cpe:2.3:a:hashicorp:vault:1.14.5
Hashicorp » Vault » Version: 1.14.6

cpe:2.3:a:hashicorp:vault:1.14.6
Hashicorp » Vault » Version: 1.14.7

cpe:2.3:a:hashicorp:vault:1.14.7
Hashicorp » Vault » Version: 1.14.8

cpe:2.3:a:hashicorp:vault:1.14.8
Hashicorp » Vault » Version: 1.14.9

cpe:2.3:a:hashicorp:vault:1.14.9
Hashicorp » Vault » Version: 1.15.0

cpe:2.3:a:hashicorp:vault:1.15.0
Hashicorp » Vault » Version: 1.15.10

cpe:2.3:a:hashicorp:vault:1.15.10
Hashicorp » Vault » Version: 1.15.11

cpe:2.3:a:hashicorp:vault:1.15.11
Hashicorp » Vault » Version: 1.15.12

cpe:2.3:a:hashicorp:vault:1.15.12
Hashicorp » Vault » Version: 1.15.13

cpe:2.3:a:hashicorp:vault:1.15.13
Hashicorp » Vault » Version: 1.15.14

cpe:2.3:a:hashicorp:vault:1.15.14
Hashicorp » Vault » Version: 1.15.15

cpe:2.3:a:hashicorp:vault:1.15.15
Hashicorp » Vault » Version: 1.15.16

cpe:2.3:a:hashicorp:vault:1.15.16
Hashicorp » Vault » Version: 1.15.2

cpe:2.3:a:hashicorp:vault:1.15.2
Hashicorp » Vault » Version: 1.15.3

cpe:2.3:a:hashicorp:vault:1.15.3
Hashicorp » Vault » Version: 1.15.4

cpe:2.3:a:hashicorp:vault:1.15.4
Hashicorp » Vault » Version: 1.15.5

cpe:2.3:a:hashicorp:vault:1.15.5
Hashicorp » Vault » Version: 1.15.6

cpe:2.3:a:hashicorp:vault:1.15.6
Hashicorp » Vault » Version: 1.15.7

cpe:2.3:a:hashicorp:vault:1.15.7
Hashicorp » Vault » Version: 1.15.8

cpe:2.3:a:hashicorp:vault:1.15.8
Hashicorp » Vault » Version: 1.15.9

cpe:2.3:a:hashicorp:vault:1.15.9
Hashicorp » Vault » Version: 1.16.0

cpe:2.3:a:hashicorp:vault:1.16.0
Hashicorp » Vault » Version: 1.16.1

cpe:2.3:a:hashicorp:vault:1.16.1
Hashicorp » Vault » Version: 1.16.10

cpe:2.3:a:hashicorp:vault:1.16.10
Hashicorp » Vault » Version: 1.16.11

cpe:2.3:a:hashicorp:vault:1.16.11
Hashicorp » Vault » Version: 1.16.12

cpe:2.3:a:hashicorp:vault:1.16.12
Hashicorp » Vault » Version: 1.16.13

cpe:2.3:a:hashicorp:vault:1.16.13
Hashicorp » Vault » Version: 1.16.14

cpe:2.3:a:hashicorp:vault:1.16.14
Hashicorp » Vault » Version: 1.16.15

cpe:2.3:a:hashicorp:vault:1.16.15
Hashicorp » Vault » Version: 1.16.16

cpe:2.3:a:hashicorp:vault:1.16.16
Hashicorp » Vault » Version: 1.16.17

cpe:2.3:a:hashicorp:vault:1.16.17
Hashicorp » Vault » Version: 1.16.18

cpe:2.3:a:hashicorp:vault:1.16.18
Hashicorp » Vault » Version: 1.16.19

cpe:2.3:a:hashicorp:vault:1.16.19
Hashicorp » Vault » Version: 1.16.2

cpe:2.3:a:hashicorp:vault:1.16.2
Hashicorp » Vault » Version: 1.16.20

cpe:2.3:a:hashicorp:vault:1.16.20
Hashicorp » Vault » Version: 1.16.21

cpe:2.3:a:hashicorp:vault:1.16.21
Hashicorp » Vault » Version: 1.16.22

cpe:2.3:a:hashicorp:vault:1.16.22
Hashicorp » Vault » Version: 1.16.3

cpe:2.3:a:hashicorp:vault:1.16.3
Hashicorp » Vault » Version: 1.16.4

cpe:2.3:a:hashicorp:vault:1.16.4
Hashicorp » Vault » Version: 1.16.5

cpe:2.3:a:hashicorp:vault:1.16.5
Hashicorp » Vault » Version: 1.16.6

cpe:2.3:a:hashicorp:vault:1.16.6
Hashicorp » Vault » Version: 1.16.7

cpe:2.3:a:hashicorp:vault:1.16.7
Hashicorp » Vault » Version: 1.16.8

cpe:2.3:a:hashicorp:vault:1.16.8
Hashicorp » Vault » Version: 1.16.9

cpe:2.3:a:hashicorp:vault:1.16.9
Hashicorp » Vault » Version: 1.17.0

cpe:2.3:a:hashicorp:vault:1.17.0
Hashicorp » Vault » Version: 1.17.1

cpe:2.3:a:hashicorp:vault:1.17.1
Hashicorp » Vault » Version: 1.17.10

cpe:2.3:a:hashicorp:vault:1.17.10
Hashicorp » Vault » Version: 1.17.11

cpe:2.3:a:hashicorp:vault:1.17.11
Hashicorp » Vault » Version: 1.17.12

cpe:2.3:a:hashicorp:vault:1.17.12
Hashicorp » Vault » Version: 1.17.13

cpe:2.3:a:hashicorp:vault:1.17.13
Hashicorp » Vault » Version: 1.17.14

cpe:2.3:a:hashicorp:vault:1.17.14
Hashicorp » Vault » Version: 1.17.15

cpe:2.3:a:hashicorp:vault:1.17.15
Hashicorp » Vault » Version: 1.17.16

cpe:2.3:a:hashicorp:vault:1.17.16
Hashicorp » Vault » Version: 1.17.17

cpe:2.3:a:hashicorp:vault:1.17.17
Hashicorp » Vault » Version: 1.17.18

cpe:2.3:a:hashicorp:vault:1.17.18
Hashicorp » Vault » Version: 1.17.2

cpe:2.3:a:hashicorp:vault:1.17.2
Hashicorp » Vault » Version: 1.17.3

cpe:2.3:a:hashicorp:vault:1.17.3
Hashicorp » Vault » Version: 1.17.4

cpe:2.3:a:hashicorp:vault:1.17.4
Hashicorp » Vault » Version: 1.17.5

cpe:2.3:a:hashicorp:vault:1.17.5
Hashicorp » Vault » Version: 1.17.6

cpe:2.3:a:hashicorp:vault:1.17.6
Hashicorp » Vault » Version: 1.17.7

cpe:2.3:a:hashicorp:vault:1.17.7
Hashicorp » Vault » Version: 1.17.8

cpe:2.3:a:hashicorp:vault:1.17.8
Hashicorp » Vault » Version: 1.17.9

cpe:2.3:a:hashicorp:vault:1.17.9
Hashicorp » Vault » Version: 1.18.0

cpe:2.3:a:hashicorp:vault:1.18.0
Hashicorp » Vault » Version: 1.18.1

cpe:2.3:a:hashicorp:vault:1.18.1
Hashicorp » Vault » Version: 1.18.10

cpe:2.3:a:hashicorp:vault:1.18.10
Hashicorp » Vault » Version: 1.18.11

cpe:2.3:a:hashicorp:vault:1.18.11
Hashicorp » Vault » Version: 1.18.2

cpe:2.3:a:hashicorp:vault:1.18.2
Hashicorp » Vault » Version: 1.18.3

cpe:2.3:a:hashicorp:vault:1.18.3
Hashicorp » Vault » Version: 1.18.4

cpe:2.3:a:hashicorp:vault:1.18.4
Hashicorp » Vault » Version: 1.18.5

cpe:2.3:a:hashicorp:vault:1.18.5
Hashicorp » Vault » Version: 1.18.6

cpe:2.3:a:hashicorp:vault:1.18.6
Hashicorp » Vault » Version: 1.18.7

cpe:2.3:a:hashicorp:vault:1.18.7
Hashicorp » Vault » Version: 1.18.8

cpe:2.3:a:hashicorp:vault:1.18.8
Hashicorp » Vault » Version: 1.18.9

cpe:2.3:a:hashicorp:vault:1.18.9
Hashicorp » Vault » Version: 1.19.0

cpe:2.3:a:hashicorp:vault:1.19.0
Hashicorp » Vault » Version: 1.19.1

cpe:2.3:a:hashicorp:vault:1.19.1
Hashicorp » Vault » Version: 1.19.2

cpe:2.3:a:hashicorp:vault:1.19.2
Hashicorp » Vault » Version: 1.19.3

cpe:2.3:a:hashicorp:vault:1.19.3
Hashicorp » Vault » Version: 1.19.4

cpe:2.3:a:hashicorp:vault:1.19.4
Hashicorp » Vault » Version: 1.19.5

cpe:2.3:a:hashicorp:vault:1.19.5
Hashicorp » Vault » Version: 1.19.6

cpe:2.3:a:hashicorp:vault:1.19.6
Hashicorp » Vault » Version: 1.2.0

cpe:2.3:a:hashicorp:vault:1.2.0
Hashicorp » Vault » Version: 1.2.1

cpe:2.3:a:hashicorp:vault:1.2.1
Hashicorp » Vault » Version: 1.2.2

cpe:2.3:a:hashicorp:vault:1.2.2
Hashicorp » Vault » Version: 1.2.3

cpe:2.3:a:hashicorp:vault:1.2.3
Hashicorp » Vault » Version: 1.2.4

cpe:2.3:a:hashicorp:vault:1.2.4
Hashicorp » Vault » Version: 1.2.5

cpe:2.3:a:hashicorp:vault:1.2.5
Hashicorp » Vault » Version: 1.20.0

cpe:2.3:a:hashicorp:vault:1.20.0
Hashicorp » Vault » Version: 1.3.0

cpe:2.3:a:hashicorp:vault:1.3.0
Hashicorp » Vault » Version: 1.3.1

cpe:2.3:a:hashicorp:vault:1.3.1
Hashicorp » Vault » Version: 1.3.2

cpe:2.3:a:hashicorp:vault:1.3.2
Hashicorp » Vault » Version: 1.3.3

cpe:2.3:a:hashicorp:vault:1.3.3
Hashicorp » Vault » Version: 1.3.4

cpe:2.3:a:hashicorp:vault:1.3.4
Hashicorp » Vault » Version: 1.3.5

cpe:2.3:a:hashicorp:vault:1.3.5
Hashicorp » Vault » Version: 1.3.6

cpe:2.3:a:hashicorp:vault:1.3.6
Hashicorp » Vault » Version: 1.3.8

cpe:2.3:a:hashicorp:vault:1.3.8
Hashicorp » Vault » Version: 1.4.0

cpe:2.3:a:hashicorp:vault:1.4.0
Hashicorp » Vault » Version: 1.4.1

cpe:2.3:a:hashicorp:vault:1.4.1
Hashicorp » Vault » Version: 1.4.2

cpe:2.3:a:hashicorp:vault:1.4.2
Hashicorp » Vault » Version: 1.4.3

cpe:2.3:a:hashicorp:vault:1.4.3
Hashicorp » Vault » Version: 1.4.4

cpe:2.3:a:hashicorp:vault:1.4.4
Hashicorp » Vault » Version: 1.4.5

cpe:2.3:a:hashicorp:vault:1.4.5
Hashicorp » Vault » Version: 1.4.5.1

cpe:2.3:a:hashicorp:vault:1.4.5.1
Hashicorp » Vault » Version: 1.4.6

cpe:2.3:a:hashicorp:vault:1.4.6
Hashicorp » Vault » Version: 1.4.7

cpe:2.3:a:hashicorp:vault:1.4.7
Hashicorp » Vault » Version: 1.5.0

cpe:2.3:a:hashicorp:vault:1.5.0
Hashicorp » Vault » Version: 1.5.1

cpe:2.3:a:hashicorp:vault:1.5.1
Hashicorp » Vault » Version: 1.5.2

cpe:2.3:a:hashicorp:vault:1.5.2
Hashicorp » Vault » Version: 1.5.2.1

cpe:2.3:a:hashicorp:vault:1.5.2.1
Hashicorp » Vault » Version: 1.5.3

cpe:2.3:a:hashicorp:vault:1.5.3
Hashicorp » Vault » Version: 1.5.4

cpe:2.3:a:hashicorp:vault:1.5.4
Hashicorp » Vault » Version: 1.5.5

cpe:2.3:a:hashicorp:vault:1.5.5
Hashicorp » Vault » Version: 1.5.6

cpe:2.3:a:hashicorp:vault:1.5.6
Hashicorp » Vault » Version: 1.5.7

cpe:2.3:a:hashicorp:vault:1.5.7
Hashicorp » Vault » Version: 1.5.8

cpe:2.3:a:hashicorp:vault:1.5.8
Hashicorp » Vault » Version: 1.5.9

cpe:2.3:a:hashicorp:vault:1.5.9
Hashicorp » Vault » Version: 1.6.0

cpe:2.3:a:hashicorp:vault:1.6.0
Hashicorp » Vault » Version: 1.6.1

cpe:2.3:a:hashicorp:vault:1.6.1
Hashicorp » Vault » Version: 1.6.2

cpe:2.3:a:hashicorp:vault:1.6.2
Hashicorp » Vault » Version: 1.6.3

cpe:2.3:a:hashicorp:vault:1.6.3
Hashicorp » Vault » Version: 1.6.4

cpe:2.3:a:hashicorp:vault:1.6.4
Hashicorp » Vault » Version: 1.6.5

cpe:2.3:a:hashicorp:vault:1.6.5
Hashicorp » Vault » Version: 1.7.0

cpe:2.3:a:hashicorp:vault:1.7.0
Hashicorp » Vault » Version: 1.7.1

cpe:2.3:a:hashicorp:vault:1.7.1
Hashicorp » Vault » Version: 1.7.10

cpe:2.3:a:hashicorp:vault:1.7.10
Hashicorp » Vault » Version: 1.7.2

cpe:2.3:a:hashicorp:vault:1.7.2
Hashicorp » Vault » Version: 1.7.3

cpe:2.3:a:hashicorp:vault:1.7.3
Hashicorp » Vault » Version: 1.7.4

cpe:2.3:a:hashicorp:vault:1.7.4
Hashicorp » Vault » Version: 1.7.5

cpe:2.3:a:hashicorp:vault:1.7.5
Hashicorp » Vault » Version: 1.7.6

cpe:2.3:a:hashicorp:vault:1.7.6
Hashicorp » Vault » Version: 1.7.7

cpe:2.3:a:hashicorp:vault:1.7.7
Hashicorp » Vault » Version: 1.7.8

cpe:2.3:a:hashicorp:vault:1.7.8
Hashicorp » Vault » Version: 1.7.9

cpe:2.3:a:hashicorp:vault:1.7.9
Hashicorp » Vault » Version: 1.8.0

cpe:2.3:a:hashicorp:vault:1.8.0
Hashicorp » Vault » Version: 1.8.3

cpe:2.3:a:hashicorp:vault:1.8.3
Hashicorp » Vault » Version: 1.8.4

cpe:2.3:a:hashicorp:vault:1.8.4
Hashicorp » Vault » Version: 1.8.6

cpe:2.3:a:hashicorp:vault:1.8.6
Hashicorp » Vault » Version: 1.8.7

cpe:2.3:a:hashicorp:vault:1.8.7
Hashicorp » Vault » Version: 1.8.8

cpe:2.3:a:hashicorp:vault:1.8.8
Hashicorp » Vault » Version: 1.8.9

cpe:2.3:a:hashicorp:vault:1.8.9
Hashicorp » Vault » Version: 1.9.0

cpe:2.3:a:hashicorp:vault:1.9.0
Hashicorp » Vault » Version: 1.9.1

cpe:2.3:a:hashicorp:vault:1.9.1
Hashicorp » Vault » Version: 1.9.10

cpe:2.3:a:hashicorp:vault:1.9.10
Hashicorp » Vault » Version: 1.9.2

cpe:2.3:a:hashicorp:vault:1.9.2
Hashicorp » Vault » Version: 1.9.3

cpe:2.3:a:hashicorp:vault:1.9.3
Hashicorp » Vault » Version: 1.9.4

cpe:2.3:a:hashicorp:vault:1.9.4

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-6000

Products

Pricing

Contact Us