Privilege Escalation Vulnerability in HashiCorp Vault by HashiCorp
CVE-2025-5999

7.2HIGH

Key Information:

Vendor: Hashicorp
Status: Vault; Vault Enterprise
Vendor: CVE Published:; 1 August 2025

What is CVE-2025-5999?

A privilege escalation vulnerability exists in HashiCorp Vault that allows a privileged operator with write permissions to the root namespace's identity endpoint to escalate their own, or another user's, token privileges to match Vault's root policy. This poses a significant risk by potentially granting unauthorized access to critical resources. The issue has been addressed in Vault Community Edition version 1.20.0 and Vault Enterprise versions 1.20.0, 1.19.6, 1.18.11, and 1.16.22.

Affected Version(s)

Vault 64 bit 0.10.4 < 1.20.0

Vault Enterprise 64 bit 0.10.4 < 1.20.0

References

https://discuss.hashicorp.com/t/hcsec-2025-13-vault-root-...

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 1, 2025
Vulnerability Reserved
Jun 11, 2025

Hashicorp

What is CVE-2025-5999?

Affected Version(s)

References

CVSS V3.1

Timeline