CVE-2025-6000

Опубликовано: 01 авг. 2025

Источник: redhat

CVSS3: 8

EPSS Низкий

Описание

A privileged Vault operator within the root namespace with write permission to {{sys/audit}} may obtain code execution on the underlying host if a plugin directory is set in Vault’s configuration. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23.

Отчет

The Impact has been set to Important rather than Critical as this vulnerability requires a privileged user with write access to sys/audit in the root namespace. The execution also requires the SHA256 digest of the target file which makes the attack complexity high, however a malicious operator may still be able to reproduce the file’s contents and compute its hash using the sys/audit-hash endpoint.

Затронутые пакеты

Платформа	Пакет	Состояние
cert-manager Operator for Red Hat OpenShift	cert-manager/cert-manager-operator-rhel9	Affected
cert-manager Operator for Red Hat OpenShift	cert-manager/jetstack-cert-manager-acmesolver-rhel9	Affected
cert-manager Operator for Red Hat OpenShift	cert-manager/jetstack-cert-manager-rhel9	Affected
external secrets operator for Red Hat OpenShift - Tech Preview	external-secrets-operator/external-secrets-operator-rhel9	Affected
Red Hat Openshift Data Foundation 4	odf4/cephcsi-rhel9	Affected
Red Hat Openshift Data Foundation 4	odf4/mcg-cli-rhel9	Affected
Red Hat Openshift Data Foundation 4	odf4/mcg-rhel9-operator	Affected
Red Hat Openshift Data Foundation 4	odf4/odf-cli-rhel9	Affected
Red Hat Trusted Artifact Signer	rhtas/client-server-rhel9	Affected
Red Hat Trusted Artifact Signer	rhtas/fulcio-rhel9	Affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important

Дефект:

CWE-94

https://bugzilla.redhat.com/show_bug.cgi?id=2386014github.com/hashicorp/vault: Vault Plugin Code Execution Vulnerability

EPSS

Процентиль: 23%

0.00072

Низкий

8 High

CVSS3

Связанные уязвимости

CVE-2025-6000

CVSS3: 9.1

nvd

5 дней назад

GHSA-mr4h-qf9j-f665