Arbitrary Remote Code Execution via Plugin Catalog Abuse

CVE Details

Basic Information

Title Arbitrary Remote Code Execution via Plugin Catalog Abuse
Type cve
Published 2025-08-01T17:40:48.524Z
Modified 2025-08-01T18:12:02.883Z

Product Information

Vendor HashiCorp
Product Vault
Version 0.8.0

CVSS Information

Base Score 9.1 (CRITICAL)
Vector String CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Affected Products

  • HashiCorp Vault 0.8.0
  • HashiCorp Vault Enterprise 0.8.0

Additional Information

CWE List CWE-94
Source HashiCorp

Description

A privileged Vault operator within the root namespace with write permission to sys/audit may obtain code execution on the underlying host if a plugin directory is set in Vault's configuration. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23.
