CVE-2025-6000 Overview
CVE-2025-6000 is a code execution vulnerability in HashiCorp Vault that allows a privileged operator within the root namespace to execute code on the underlying host. The flaw requires write permission to sys/audit and a configured plugin directory in Vault's configuration. By abusing the audit device registration path, an operator can load arbitrary binaries as plugins, achieving execution in the Vault server's process context. The issue is tracked as CWE-94: Improper Control of Generation of Code. HashiCorp addressed the issue in Vault Community Edition 1.20.1 and Vault Enterprise versions 1.20.1, 1.19.7, 1.18.12, and 1.16.23.
Critical Impact
A root-namespace operator with sys/audit write access can execute arbitrary code on the Vault host, leading to full compromise of the secrets management infrastructure.
Affected Products
- HashiCorp Vault Community Edition prior to 1.20.1
- HashiCorp Vault Enterprise prior to 1.20.1, 1.19.7, 1.18.12, and 1.16.23
- Deployments with a plugin_directory set in Vault configuration
Discovery Timeline
- 2025-08-01 - CVE-2025-6000 published to NVD
- 2025-08-13 - Last updated in NVD database
Technical Details for CVE-2025-6000
Vulnerability Analysis
The vulnerability resides in how Vault handles audit device registration when a plugin directory is configured. Vault's audit subsystem supports custom backends loaded as external plugins from the configured plugin_directory. An operator with write access to the sys/audit API path can register an audit device that references an attacker-supplied binary placed in the plugin directory.
When the audit device is enabled, Vault spawns the referenced binary as a plugin process running with the privileges of the Vault server. This converts a high-privilege configuration capability into arbitrary code execution on the underlying host operating system.
Exploitation requires existing high privileges within the root namespace, which limits the population of capable actors. However, the resulting impact extends beyond Vault itself: an attacker can read all secrets in memory, pivot to connected systems using stored credentials, and tamper with audit logs to obscure activity.
Root Cause
The root cause is insufficient separation between configuration authority and execution authority. Write access to sys/audit was intended for managing audit destinations, not for loading executable code. Combined with the plugin loading mechanism, this design permits a privileged API call to result in process execution on the host.
Attack Vector
The attack is network-reachable via the Vault API but requires high privileges. An attacker who has compromised a root-namespace token with sys/audit write permission stages a malicious binary in the configured plugin directory, registers it as an audit plugin, and triggers its execution by enabling the audit device. Refer to the HashiCorp Security Advisory HCSEC-2025-14 for vendor-supplied technical context.
Detection Methods for CVE-2025-6000
Indicators of Compromise
- Unexpected files appearing in the directory referenced by Vault's plugin_directory configuration setting.
- Audit log entries showing sys/audit enable operations referencing unfamiliar plugin names or binaries.
- Vault server processes spawning child processes that do not correspond to known, signed Vault plugins.
- Outbound network connections originating from the Vault host to unexpected destinations following audit configuration changes.
Detection Strategies
- Monitor Vault audit logs for PUT or POST requests to sys/audit/* paths, especially those specifying custom plugin types.
- Establish a baseline of approved plugin binaries and alert on any new or modified file in plugin_directory.
- Correlate Vault API privilege use with process-creation telemetry on the Vault host to identify post-configuration execution.
Monitoring Recommendations
- Forward Vault audit device logs to a centralized logging platform with integrity protection and retention.
- Enable host-level process and file integrity monitoring on Vault servers, with particular focus on the plugin directory.
- Review root-namespace token issuance and policy assignments on a recurring basis to limit access to sys/audit.
How to Mitigate CVE-2025-6000
Immediate Actions Required
- Upgrade to Vault Community Edition 1.20.1 or Vault Enterprise 1.20.1, 1.19.7, 1.18.12, or 1.16.23.
- Audit all policies granting write access to sys/audit within the root namespace and revoke any that are not strictly required.
- Rotate root tokens and any operator credentials with elevated privileges following the patch.
- Inspect the configured plugin directory for unauthorized binaries and remove any that are not part of an approved plugin inventory.
Patch Information
HashiCorp released fixed versions on the dates referenced in HashiCorp Security Advisory HCSEC-2025-14. Apply the patch corresponding to your release train: 1.20.1 for Community and Enterprise, or the appropriate LTS release for Enterprise customers on 1.19, 1.18, or 1.16.
Workarounds
- If patching is not immediately feasible, remove the plugin_directory setting from Vault's configuration to disable the external plugin loading path.
- Restrict filesystem permissions on the plugin directory so only the Vault process owner can read it and no operator account can write to it.
- Enforce least privilege on root-namespace policies and require multi-party approval for changes to audit configuration.
# Example: review policies that grant sys/audit write access
vault policy list | while read p; do
vault policy read "$p" | grep -E 'sys/audit' && echo " ^ found in policy: $p"
done
# Example: upgrade verification
vault version
# Expected output: Vault v1.20.1 (or applicable patched Enterprise release)
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
