CVE-2025-3879

{"id": "CVE-2025-3879", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.6, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.7}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2025-05-02T17:15:51.273", "references": [{"url": "https://discuss.hashicorp.com/t/hcsec-2025-07-vault-s-azure-authentication-method-bound-location-restriction-could-be-bypassed-on-login/74716", "tags": ["Vendor Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-863"}]}], "descriptions": [{"lang": "en", "value": "Vault Community, Vault Enterprise (\u201cVault\u201d) Azure Auth method did not correctly validate the claims in the Azure-issued token, resulting in the potential bypass of the bound_locations parameter on login. Fixed in Vault Community Edition 1.19.1 and Vault Enterprise 1.19.1, 1.18.7, 1.17.14, 1.16.18."}, {"lang": "es", "value": "El m\u00e9todo de autenticaci\u00f3n de Azure de Vault Community, Vault Enterprise (\"Vault\") no validaba correctamente las notificaciones en el token emitido por Azure, lo que pod\u00eda provocar la omisi\u00f3n del par\u00e1metro bound_locations al iniciar sesi\u00f3n. Corregido en Vault Community Edition 1.19.1 y Vault Enterprise 1.19.1, 1.18.7, 1.17.14 y 1.16.18."}], "lastModified": "2025-08-12T01:39:23.767", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "2124BD65-924A-4868-8995-4705B58F2BBD", "versionEndExcluding": "1.16.18", "versionStartIncluding": "0.10.0"}, {"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "1D967CDF-3379-48AA-AABB-06BEF6ED749E", "versionEndExcluding": "1.19.1", "versionStartIncluding": "0.10.0"}, {"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "35EC1DB4-8175-43BC-9B99-AEB931647724", "versionEndExcluding": "1.17.14", "versionStartIncluding": "1.17.0"}, {"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "F88F6C83-988F-414A-B751-D16CF13C162E", "versionEndExcluding": "1.18.7", "versionStartIncluding": "1.18.0"}, {"criteria": "cpe:2.3:a:hashicorp:vault:1.19.0:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "44A51BC3-6E21-4A09-B8D3-DBA1A8F6DA0A"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}