TLS Certificate Authentication Issue in HashiCorp Vault Products
CVE-2025-6037

6.8MEDIUM

Key Information:

Vendor: Hashicorp
Status: Vault; Vault Enterprise
Vendor: CVE Published:; 1 August 2025

What is CVE-2025-6037?

The TLS certificate authentication method in HashiCorp Vault improperly validates client certificates when using a non-CA certificate as a trusted certificate. This vulnerability allows an attacker to create a malicious certificate that could exploit this flaw to impersonate another user. Users of Vault are advised to upgrade to the fixed versions to ensure proper validation mechanisms are in place, safeguarding against potential misuse.

Affected Version(s)

Vault 64 bit 0 < 1.20.1

Vault Enterprise 64 bit 0 < 1.20.1

References

https://discuss.hashicorp.com/t/hcsec-2025-18-vault-certi...

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 1, 2025
Vulnerability Reserved
Jun 12, 2025

Hashicorp

What is CVE-2025-6037?

Affected Version(s)

References

CVSS V3.1

Timeline