VDB
WID-SEC-W-2025-0933
WID-SEC-W-2025-0933
PUBLISHED
Vault ist ein identitätsbasiertes System zur Verwaltung von Geheimnissen und Verschlüsselung.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hashicorp Vault 1.19.3 Community Edition | ||
| Hashicorp Vault 1.19.3 Enterprise | ||
| Hashicorp Vault 1.17.16 Enterprise | ||
| Hashicorp Vault 1.19.1 Enterprise | ||
| Hashicorp Vault 1.18.7 Enterprise | ||
| Hashicorp Vault 1.16.20 Enterprise | ||
| Hashicorp Vault <1.19.3 Enterprise | ||
| Hashicorp Vault 1.19.1 Community Edition | ||
| Hashicorp Vault <1.16.20 Enterprise | ||
| Hashicorp Vault <1.19.1 Enterprise | ||
| Hashicorp Vault <1.17.16 Enterprise | ||
| Hashicorp Vault 1.17.14 Enterprise | ||
| Hashicorp Vault 1.18.9 Enterprise | ||
| Hashicorp Vault <1.19.1 Community Edition | ||
| Hashicorp Vault <1.18.9 Enterprise | ||
| Hashicorp Vault <1.19.3 Community Edition | ||
| Hashicorp Vault <1.16.18 Enterprise | ||
| Hashicorp Vault 1.16.18 Enterprise | ||
| Hashicorp Vault <1.18.7 Enterprise | ||
| Hashicorp Vault <1.17.14 Enterprise |
Exploit Intelligence
- https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0933.json (circl)
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0933 (circl)
- https://discuss.hashicorp.com/t/hcsec-2025-07-vault-s-azure-authentication-method-bound-location-restriction-could-be-bypassed-on-login/74716 (circl)
- https://github.com/advisories/GHSA-f9ch-h8j7-8jwg (circl)
- https://discuss.hashicorp.com/t/hcsec-2025-09-vault-may-expose-sensitive-information-in-error-logs-when-processing-malformed-data-with-the-kv-v2-plugin/74717 (circl)
- https://github.com/advisories/GHSA-gcqf-f89c-68hv (circl)
Timeline
- May 4, 2025 CVE Published
References
- https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0933.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0933 advisory
- https://discuss.hashicorp.com/t/hcsec-2025-07-vault-s-azure-authentication-method-bound-location-restriction-could-be-bypassed-on-login/74716 url
- https://github.com/advisories/GHSA-f9ch-h8j7-8jwg url
- https://discuss.hashicorp.com/t/hcsec-2025-09-vault-may-expose-sensitive-information-in-error-logs-when-processing-malformed-data-with-the-kv-v2-plugin/74717 url
- https://github.com/advisories/GHSA-gcqf-f89c-68hv url