CVE-2025-5999

HIGH7.2EPSS 0.16%

Hashicorp Vault has Privilege Escalation Vulnerability

發布日:2025/8/1修改日:2026/2/4

也稱為:GHSA-6h4p-m86h-hhghBIT-vault-2025-5999CGA-6mjj-vxq3-6pmmGO-2025-3837

描述

A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s token privileges to Vault’s root policy. Fixed in Vault Community Edition 1.20.0 and Vault Enterprise 1.20.0, 1.19.6, 1.18.11 and 1.16.22.

受影響套件(3)

Bitnami/vault>= 0.10.4, < 1.20.0
Go/github.com/hashicorp/vault>= 0.10.4, < 1.20.0
Go/github.com/hashicorp/vault>= 0.10.4, < 1.20.0

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	HIGH7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

參考連結(4)

ADVISORYhttps://github.com/advisories/GHSA-6h4p-m86h-hhgh
ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2025-5999
PATCHhttps://github.com/hashicorp/vault
WEBhttps://discuss.hashicorp.com/t/hcsec-2025-13-vault-root-namespace-operator-may-elevate-token-privileges/76032