CVE-2025-6037

MEDIUM 6.8

Vault Certificate Auth Method Did Not Validate Common Name For Non-CA Certificates

CVSS Score

6.8

EPSS Score

0.0%

EPSS Percentile

0th

Vault and Vault Enterprise (“Vault”) TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as [+trusted certificate+|https://developer.hashicorp.com/vault/api-docs/auth/cert#certificate]. In this configuration, an attacker may be able to craft a malicious certificate that could be used to impersonate another user. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23.

CWE	CWE-295
Vendor	hashicorp
Product	vault
Published	Aug 1, 2025
Last Updated	Feb 26, 2026

Stay Ahead of the Next One

Get instant alerts for hashicorp vault

Be the first to know when new medium vulnerabilities affecting hashicorp vault are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

HashiCorp / Vault

0 < 1.20.1

HashiCorp / Vault Enterprise

0 < 1.20.1

References

NVD ↗ CVE.org ↗ EPSS Data ↗

discuss.hashicorp.com: https://discuss.hashicorp.com/t/hcsec-2025-18-vault-certificate-auth-method-did-not-validate-common-name-for-non-ca-certificates/76037