SB2025062527 - Multiple vulnerabilities in HashiCorp Vault and Vault Enterprise
Published: June 25, 2025 Updated: August 6, 2025
Description
This security bulletin contains information about 2 security vulnerabilities.
1) Resource management error (CVE-ID: CVE-2025-4656)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists because in-progress rekey and recovery key operations can be cancelled without adequate controls. A remote attacker can send requests that cancel an in-progress rekey or recovery key operation, preventing it from completing and thereby performing a denial of service (DoS) attack against key rotation.
2) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2025-5999)
The vulnerability allows a remote user to escalate privileges within the application.
The vulnerability exists because the application does not properly impose security restrictions on the identity endpoint. A privileged Vault operator with write permissions to the root namespace's identity endpoint can escalate their own token's privileges, or another user's, to Vault's root policy.
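The precondition for CVE-2025-5999 is a policy that grants write capabilities on the identity endpoint in the root namespace. The script below is an added example, not part of this bulletin or of HashiCorp's code: it scans Vault ACL policy documents for path rules that grant create, update or patch on identity paths, so an operator can list which policies (and therefore which tokens) carry that precondition. The policy texts are constructed sample input; the list of identity endpoints and the simplified HCL parser (it handles the common `path "..." { capabilities = [...] }` form only) are assumptions made for the example. Read the policies from the root namespace, since namespace-scoped policies in Vault Enterprise are separate documents.

```python
"""Flag Vault ACL policies that grant write access to identity endpoints."""
from __future__ import annotations

import re

# Capabilities that allow modifying identity objects (assumption: 'sudo' alone is not a write).
WRITE_CAPS = {"create", "update", "patch"}

# Representative identity API paths used to decide whether a policy pattern covers identity.
# Constructed for this example; extend if your deployment exposes others.
IDENTITY_ENDPOINTS = [
    "identity/entity",
    "identity/entity/id/0b1e2d3c",
    "identity/entity/name/alice",
    "identity/entity-alias",
    "identity/entity-alias/id/0b1e2d3c",
    "identity/group",
    "identity/group/id/0b1e2d3c",
    "identity/group/name/ops",
    "identity/group-alias",
    "identity/group-alias/id/0b1e2d3c",
]

# Constructed sample policies (the kind `vault policy read <name>` returns in the root namespace).
POLICIES = {
    "ops-admin": '''
path "identity/*" {
  capabilities = ["create", "read", "update", "delete", "list"]
}
''',
    "identity-ro": '''
path "identity/entity/*" {
  capabilities = ["read", "list"]
}
''',
    "kv-writer": '''
path "secret/data/app/*" {
  capabilities = ["create", "update", "read"]
}
path "identity/group/name/+" {
  capabilities = ["deny"]
}
''',
    "legacy-root-like": '''
path "*" {
  capabilities = ["sudo", "create", "update", "read", "delete", "list"]
}
''',
}

_PATH_RULE = re.compile(r'path\s+"([^"]+)"\s*\{(.*?)\}', re.S)
_CAPS = re.compile(r"capabilities\s*=\s*\[(.*?)\]", re.S)


def parse_policy(text: str) -> list[tuple[str, set[str]]]:
    """Return (path_pattern, capabilities) pairs from a Vault policy document.

    Simplified HCL handling: only `path` blocks with a `capabilities` list are read.
    """
    rules = []
    for pattern, body in _PATH_RULE.findall(text):
        caps_match = _CAPS.search(body)
        caps = set(re.findall(r'"([^"]+)"', caps_match.group(1))) if caps_match else set()
        rules.append((pattern, caps))
    return rules


def _pattern_to_regex(pattern: str) -> re.Pattern[str]:
    """Translate Vault policy path syntax to a regex.

    A trailing '*' is a glob matching any suffix; a segment that is exactly '+' matches
    any single path segment. Everything else is literal.
    """
    glob = pattern.endswith("*")
    body = pattern[:-1] if glob else pattern
    parts = ["[^/]+" if seg == "+" else re.escape(seg) for seg in body.split("/")]
    return re.compile("^" + "/".join(parts) + (".*" if glob else "") + "$")


def find_identity_writers(policies: dict[str, str]) -> dict[str, list[str]]:
    """Map policy name -> path patterns that grant write capabilities on identity endpoints."""
    hits: dict[str, list[str]] = {}
    for name, text in policies.items():
        for pattern, caps in parse_policy(text):
            if "deny" in caps or not (caps & WRITE_CAPS):
                continue  # explicit deny or read-only rule: not a write grant
            regex = _pattern_to_regex(pattern)
            if any(regex.match(endpoint) for endpoint in IDENTITY_ENDPOINTS):
                hits.setdefault(name, []).append(pattern)
    return hits


if __name__ == "__main__":
    for policy, patterns in find_identity_writers(POLICIES).items():
        print(f"{policy}: write access to identity via {patterns}")
```

Any policy the script reports should be reviewed against who actually holds tokens carrying it; in the unpatched versions those holders meet the precondition described above, so the grant should be removed or narrowed until the update is installed.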
Remediation
Install the update from the vendor's website. Until the update is applied, restrict write access to the root namespace's identity endpoint to the smallest possible set of operators, since that permission is the precondition for CVE-2025-5999.