VDB

CVE-2025-5999

CVE-2025-5999 PUBLISHED

A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s token privileges to Vault’s root policy. Fixed in Vault Community Edition 1.20.0 and Vault Enterprise 1.20.0, 1.19.6, 1.18.11 and 1.16.22.

EPSS 0.16% · 36.4th percentile

Risk Scores

EPSS Score
0.16%
36.4th percentile

Affected Products

VendorProductVersions
Bitnamivault0.10.4
Bitnamivault0.10.4

Exploit Intelligence

…and 1 more exploits

Timeline

  • Aug 1, 2025 CVE Published
  • Aug 1, 2025 Coalition ESS Score
  • Aug 2, 2025 EPSS Score
  • Aug 4, 2025 Coalition ESS Score
  • Aug 11, 2025 EPSS Score
  • Aug 13, 2025 Coalition ESS Score
  • Aug 14, 2025 Coalition ESS Score
  • Aug 19, 2025 EPSS Score
  • Aug 22, 2025 Coalition ESS Score
  • Aug 26, 2025 Coalition ESS Score
  • Aug 28, 2025 EPSS Score
  • Sep 6, 2025 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›