Authenticated Virtual Machine Escape Vulnerability in HashiCorp Vagrant
CVE-2025-34075
Key Information:
Badges
What is CVE-2025-34075?
An authenticated virtual machine escape vulnerability has been identified in HashiCorp Vagrant that arises from the default synced folder configuration. Vagrant automatically mounts the project's directory from the host system into the guest VM, creating a shared space under /vagrant (or C:\vagrant on Windows). This setup allows a low-privileged attacker with shell access to the guest VM to inject arbitrary Ruby code into the Vagrantfile. This file is evaluated by the host system each time a Vagrant command is executed, leading to the potential execution of malicious code at the host's privilege level. While the behavior of shared folders is documented, the security risks associated with executing Vagrantfile from guest-writable storage are not clearly outlined, presenting significant threats, especially in multi-tenant environments.
Affected Version(s)
Vagrant 0 < 2.4.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved