CVE-2025-5999 | THREATINT

Description

A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s token privileges to Vault’s root policy. Fixed in Vault Community Edition 1.20.0 and Vault Enterprise 1.20.0, 1.19.6, 1.18.11 and 1.16.22.

PUBLISHED Reserved 2025-06-11 | Published 2025-08-01 | Updated 2025-08-01 | Assigner HashiCorp

HIGH: 7.2CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-266: Incorrect Privilege Assignment

Product status

Default status

unaffected

0.10.4 (semver) before 1.20.0

affected

Default status

unaffected

0.10.4 (semver) before 1.20.0

affected

References

discuss.hashicorp.com/...-may-elevate-token-privileges/76032

cve.org (CVE-2025-5999)

nvd.nist.gov (CVE-2025-5999)

Download JSON

help @ threatint.eu