exploitDog

CVE-2025-5999

Опубликовано: 01 авг. 2025

Источник: nvd

CVSS3: 7.2

EPSS Низкий

Описание

A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s token privileges to Vault’s root policy. Fixed in Vault Community Edition 1.20.0 and Vault Enterprise 1.20.0, 1.19.6, 1.18.11 and 1.16.22.

Ссылки

https://discuss.hashicorp.com/t/hcsec-2025-13-vault-root-namespace-operator-may-elevate-token-privileges/76032

EPSS

Процентиль: 7%

0.00029

Низкий

7.2 High

CVSS3

Дефекты

CWE-266

Связанные уязвимости

CVE-2025-5999

CVSS3: 7.2

redhat

5 дней назад

A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s token privileges to Vault’s root policy. Fixed in Vault Community Edition 1.20.0 and Vault Enterprise 1.20.0, 1.19.6, 1.18.11 and 1.16.22.

GHSA-6h4p-m86h-hhgh

CVSS3: 7.2

github

5 дней назад

Hashicorp Vault has Privilege Escalation Vulnerability

EPSS

Процентиль: 7%

0.00029

Низкий

7.2 High

CVSS3

Дефекты

CWE-266