CVE-2025-3879

Published: May 2, 2025Modified: Aug 12, 2025

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Vault Community, Vault Enterprise (“Vault”) Azure Auth method did not correctly validate the claims in the Azure-issued token, resulting in the potential bypass of the bound_locations parameter on login. Fixed in Vault Community Edition 1.19.1 and Vault Enterprise 1.19.1, 1.18.7, 1.17.14, 1.16.18.

Affected (5)

Products: Hashicorp: Vault

Hashicorp

1 product

Vault

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Hashicorp Vault	From 0.10.0 to 1.19.1
Hashicorp Vault	From 0.10.0 to 1.16.18
Hashicorp Vault	From 1.17.0 to 1.17.14
Hashicorp Vault	From 1.18.0 to 1.18.7
Hashicorp Vault	Version 1.19.0

Related CWEs

CWE-863

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (1)

https://discuss.hashicorp.com/t/hcsec-2025-07-vault-s-azure-authentication-method-bound-location-restriction-could-be-bypassed-on-login/74716

Source: security@hashicorp.com

Vendor Advisory

Timeline

No history available yet.