CVE-2025-3879 — Vulnetix

Try Vulnetix Request Demo

CVE-2025-3879 PUBLISHED

Vault Community, Vault Enterprise (“Vault”) Azure Auth method did not correctly validate the claims in the Azure-issued token, resulting in the potential bypass of the bound_locations parameter on login. Fixed in Vault Community Edition 1.19.1 and Vault Enterprise 1.19.1, 1.18.7, 1.17.14, 1.16.18.

EPSS 0.23% · 45.4th percentile

Risk Scores

EPSS Score

0.23%

45.4th percentile

Affected Products

Vendor	Product	Versions
Bitnami	vault	0.10.0
Bitnami	vault	0.10.0

Timeline

May 2, 2025 CVE Published
May 2, 2025 PoC Published
May 2, 2025 PoC Published
May 2, 2025 PoC Published
May 2, 2025 PoC Published
May 3, 2025 EPSS Score
May 6, 2025 CVE Updated
May 14, 2025 EPSS Score
May 25, 2025 EPSS Score
Jun 6, 2025 EPSS Score
Jun 14, 2025 Coalition ESS Score
Jun 17, 2025 EPSS Score

References

Open in Interactive Console →