Privilege Escalation Vulnerability in HashiCorp Vault by HashiCorp
CVE-2025-5999

7.2HIGH

Key Information:

Vendor

Hashicorp

Vendor
CVE Published:
1 August 2025

What is CVE-2025-5999?

A privilege escalation vulnerability exists in HashiCorp Vault that allows a privileged operator with write permissions to the root namespace's identity endpoint to escalate their own, or another user's, token privileges to match Vault's root policy. This poses a significant risk by potentially granting unauthorized access to critical resources. The issue has been addressed in Vault Community Edition version 1.20.0 and Vault Enterprise versions 1.20.0, 1.19.6, 1.18.11, and 1.16.22.

Affected Version(s)

Vault 64 bit 0.10.4 < 1.20.0

Vault Enterprise 64 bit 0.10.4 < 1.20.0

References

CVSS V3.1

Score:
7.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.