TLS Certificate Authentication Issue in HashiCorp Vault Products
CVE-2025-6037

6.8 MEDIUM

Key Information:

Vendor: Hashicorp

CVE Published: 1 August 2025

What is CVE-2025-6037?

The TLS certificate authentication method in HashiCorp Vault improperly validates client certificates when a non-CA (leaf) certificate is configured as a trusted certificate. An attacker able to obtain or craft a certificate that satisfies the flawed check could authenticate as, and thereby impersonate, another user. Users of Vault are advised to upgrade to the fixed versions so that the certificate validation is performed correctly and the misuse is prevented.

Affected Version(s)

Vault (64 bit): all versions from 0 up to, but not including, 1.20.1

Vault Enterprise (64 bit): all versions from 0 up to, but not including, 1.20.1

CVSS V3.1

  • Score: 6.8
  • Severity: MEDIUM
  • Confidentiality: High
  • Integrity: High
  • Availability: High
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: High
  • User Interaction: Required
  • Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
