HashiCorp Product Security Update Advisory (CVE-2025-6000)

Aug 08 2025

Overview

We have released a security update to fix vulnerabilities in HashiCorp products. Users of affected products are advised to update to the latest version.

Affected Products

CVE-2025-6000

Vault Community Edition Versions: 0.8.0 and earlier and 1.20.0 and earlier
Vault Enterprise Version: 0.8.0 or later and 1.20.0 or earlier
Vault Enterprise Version: 1.19.6 and earlier
Vault Enterprise version: 1.18.11 and earlier
Vault Enterprise version: 1.16.22 and earlier
Vault Enterprise version: 1.15.15 and earlier

Resolved Vulnerabilities

Command Injection vulnerability in the plugin directory settings in Vault (CVE-2025-6000)

Vulnerability Patches

Vulnerability Patches have been made available in the latest update. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

CVE-2025-6000

Vault Community Edition Version: 1.20.1
Vault Enterprise Version: 1.20.1
Vault Enterprise Version: 1.19.7
Vault Enterprise Version : 1.18.12
Vault Enterprise Version: 1.16.23
Vault Enterprise Version: Migrate to a Resolved Version

References

[1] HCSEC-2025-14 – Privileged Vault Operator May Execute Code on the Underlying Host
https://discuss.hashicorp.com/t/hcsec-2025-14-privileged-vault-operator-may-execute-code-on-the-underlying-host/76033

HashiCorp Product Security Update Advisory (CVE-2025-6000)

Microsoft Exchange Server Security Update Advisory (CVE-2025-53786)

Microsoft Edge browser (139.0.3405.86) version security update advisory

Tags:

Microsoft Exchange Server Security Update Advisory (CVE-2025-53786)

Microsoft Edge browser (139.0.3405.86) version security update advisory