CVE-2025-3879

Описание

Vault Community, Vault Enterprise (“Vault”) Azure Auth method did not correctly validate the claims in the Azure-issued token, resulting in the potential bypass of the bound_locations parameter on login. Fixed in Vault Community Edition 1.19.1 and Vault Enterprise 1.19.1, 1.18.7, 1.17.14, 1.16.18.

A flaw was found in the Hashicorp Vault component. Vault Community, Vault Enterprise (“Vault”) Azure Auth method did not correctly validate the claims in the Azure-issued token, resulting in the potential bypass of the bound_locations parameter on login. The user-provided vm_name or vmss_name login parameters were not validated against the Azure-issued token claims. Setting a vm_name or vmss_name that would satisfy the login requirements could be used to bypass the bound_location restriction. The Azure auth method will now require the user-provided resource_group_name, vm_name, vmss_name parameters to match the Azure AD token claims on login. More information can be found at: https://developer.hashicorp.com/vault/docs/auth/azure#token-validation