CVE-2025-3879 - CERT CVE

  1. CVE-2025-3879

ID CVE-2025-3879
Sažetak Vault Community, Vault Enterprise (“Vault”) Azure Auth method did not correctly validate the claims in the Azure-issued token, resulting in the potential bypass of the bound_locations parameter on login. Fixed in Vault Community Edition 1.19.1 and Vault Enterprise 1.19.1, 1.18.7, 1.17.14, 1.16.18.
Reference
CVSS
Base: 6.6
Impact: 5.9
Exploitability:0.7
Pristup
VektorSloženostAutentikacija
NETWORK HIGH HIGH
Impact
PovjerljivostCjelovitostDostupnost
HIGH HIGH HIGH
CVSS vektor CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Zadnje važnije ažuriranje 12-08-2025 - 01:39
Objavljeno 02-05-2025 - 17:15