{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-3879", "assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc", "state": "PUBLISHED", "assignerShortName": "HashiCorp", "dateReserved": "2025-04-22T17:52:28.596Z", "datePublished": "2025-05-02T16:15:10.650Z", "dateUpdated": "2025-05-02T16:50:15.195Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["64 bit", "32 bit", "x86", "ARM", "MacOS", "Windows", "Linux"], "product": "Vault", "repo": "https://github.com/hashicorp/vault", "vendor": "HashiCorp", "versions": [{"lessThan": "1.19.1", "status": "affected", "version": "0.10.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "platforms": ["64 bit", "32 bit", "x86", "ARM", "MacOS", "Windows", "Linux"], "product": "Vault Enterprise", "repo": "https://github.com/hashicorp/vault", "vendor": "HashiCorp", "versions": [{"changes": [{"at": "1.19.1", "status": "unaffected"}, {"at": "1.18.6", "status": "unaffected"}, {"at": "1.17.13", "status": "unaffected"}, {"at": "1.16.16", "status": "unaffected"}], "lessThan": "1.19.1", "status": "affected", "version": "0.10.0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Vault Community, Vault Enterprise (\u201cVault\u201d) Azure Auth method did not correctly validate the claims in the Azure-issued token, resulting in the potential bypass of the bound_locations parameter on login. Fixed in Vault Community Edition 1.19.1 and Vault Enterprise 1.19.1, 1.18.7, 1.17.14, 1.16.18.</p><br/>"}], "value": "Vault Community, Vault Enterprise (\u201cVault\u201d) Azure Auth method did not correctly validate the claims in the Azure-issued token, resulting in the potential bypass of the bound_locations parameter on login. Fixed in Vault Community Edition 1.19.1 and Vault Enterprise 1.19.1, 1.18.7, 1.17.14, 1.16.18."}], "impacts": [{"capecId": "CAPEC-115", "descriptions": [{"lang": "en", "value": "CAPEC-115: Authentication Bypass"}]}], "metrics": [{"cvssV3_1": {"baseScore": 6.6, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-863", "description": "CWE-863: Incorrect Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc", "shortName": "HashiCorp", "dateUpdated": "2025-05-02T16:23:13.468Z"}, "references": [{"url": "https://discuss.hashicorp.com/t/hcsec-2025-07-vault-s-azure-authentication-method-bound-location-restriction-could-be-bypassed-on-login/74716"}], "source": {"advisory": "HCSEC-2025-07", "discovery": "INTERNAL"}, "title": "Vault\u2019s Azure Authentication Method bound_location Restriction Could be Bypassed on Login"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-05-02T16:50:05.246266Z", "id": "CVE-2025-3879", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-02T16:50:15.195Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-3879", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-05-02T16:50:05.246266Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-02T16:50:09.297Z"}}], "cna": {"title": "Vault\u2019s Azure Authentication Method bound_location Restriction Could be Bypassed on Login", "source": {"advisory": "HCSEC-2025-07", "discovery": "INTERNAL"}, "impacts": [{"capecId": "CAPEC-115", "descriptions": [{"lang": "en", "value": "CAPEC-115: Authentication Bypass"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "baseScore": 6.6, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/hashicorp/vault", "vendor": "HashiCorp", "product": "Vault", "versions": [{"status": "affected", "version": "0.10.0", "lessThan": "1.19.1", "versionType": "semver"}], "platforms": ["64 bit", "32 bit", "x86", "ARM", "MacOS", "Windows", "Linux"], "defaultStatus": "unaffected"}, {"repo": "https://github.com/hashicorp/vault", "vendor": "HashiCorp", "product": "Vault Enterprise", "versions": [{"status": "affected", "changes": [{"at": "1.19.1", "status": "unaffected"}, {"at": "1.18.6", "status": "unaffected"}, {"at": "1.17.13", "status": "unaffected"}, {"at": "1.16.16", "status": "unaffected"}], "version": "0.10.0", "lessThan": "1.19.1", "versionType": "semver"}], "platforms": ["64 bit", "32 bit", "x86", "ARM", "MacOS", "Windows", "Linux"], "defaultStatus": "unaffected"}], "references": [{"url": "https://discuss.hashicorp.com/t/hcsec-2025-07-vault-s-azure-authentication-method-bound-location-restriction-could-be-bypassed-on-login/74716"}], "descriptions": [{"lang": "en", "value": "Vault Community, Vault Enterprise (\u201cVault\u201d) Azure Auth method did not correctly validate the claims in the Azure-issued token, resulting in the potential bypass of the bound_locations parameter on login. Fixed in Vault Community Edition 1.19.1 and Vault Enterprise 1.19.1, 1.18.7, 1.17.14, 1.16.18.", "supportingMedia": [{"type": "text/html", "value": "<p>Vault Community, Vault Enterprise (\u201cVault\u201d) Azure Auth method did not correctly validate the claims in the Azure-issued token, resulting in the potential bypass of the bound_locations parameter on login. Fixed in Vault Community Edition 1.19.1 and Vault Enterprise 1.19.1, 1.18.7, 1.17.14, 1.16.18.</p><br/>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-863", "description": "CWE-863: Incorrect Authorization"}]}], "providerMetadata": {"orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc", "shortName": "HashiCorp", "dateUpdated": "2025-05-02T16:23:13.468Z"}}}, "cveMetadata": {"cveId": "CVE-2025-3879", "state": "PUBLISHED", "dateUpdated": "2025-05-02T16:50:15.195Z", "dateReserved": "2025-04-22T17:52:28.596Z", "assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc", "datePublished": "2025-05-02T16:15:10.650Z", "assignerShortName": "HashiCorp"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "2124BD65-924A-4868-8995-4705B58F2BBD", "versionEndExcluding": "1.16.18", "versionStartIncluding": "0.10.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*", "matchCriteriaId": "1D967CDF-3379-48AA-AABB-06BEF6ED749E", "versionEndExcluding": "1.19.1", "versionStartIncluding": "0.10.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "35EC1DB4-8175-43BC-9B99-AEB931647724", "versionEndExcluding": "1.17.14", "versionStartIncluding": "1.17.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "F88F6C83-988F-414A-B751-D16CF13C162E", "versionEndExcluding": "1.18.7", "versionStartIncluding": "1.18.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:hashicorp:vault:1.19.0:*:*:*:enterprise:*:*:*", "matchCriteriaId": "44A51BC3-6E21-4A09-B8D3-DBA1A8F6DA0A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Vault Community, Vault Enterprise (\u201cVault\u201d) Azure Auth method did not correctly validate the claims in the Azure-issued token, resulting in the potential bypass of the bound_locations parameter on login. Fixed in Vault Community Edition 1.19.1 and Vault Enterprise 1.19.1, 1.18.7, 1.17.14, 1.16.18."}, {"lang": "es", "value": "El m\u00e9todo de autenticaci\u00f3n de Azure de Vault Community, Vault Enterprise (\"Vault\") no validaba correctamente las notificaciones en el token emitido por Azure, lo que pod\u00eda provocar la omisi\u00f3n del par\u00e1metro bound_locations al iniciar sesi\u00f3n. Corregido en Vault Community Edition 1.19.1 y Vault Enterprise 1.19.1, 1.18.7, 1.17.14 y 1.16.18."}], "id": "CVE-2025-3879", "lastModified": "2025-08-12T01:39:23.767", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.7, "impactScore": 5.9, "source": "security@hashicorp.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-05-02T17:15:51.273", "references": [{"source": "security@hashicorp.com", "tags": ["Vendor Advisory"], "url": "https://discuss.hashicorp.com/t/hcsec-2025-07-vault-s-azure-authentication-method-bound-location-restriction-could-be-bypassed-on-login/74716"}], "sourceIdentifier": "security@hashicorp.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-863"}], "source": "security@hashicorp.com", "type": "Secondary"}]}

{"bugzilla": {"description": "vault: Vault\u2019s Azure Authentication Method bound_location Restriction Could be Bypassed on Login", "id": "2363797", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2363797"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.6", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-863", "details": ["Vault Community, Vault Enterprise (\u201cVault\u201d) Azure Auth method did not correctly validate the claims in the Azure-issued token, resulting in the potential bypass of the bound_locations parameter on login. Fixed in Vault Community Edition 1.19.1 and Vault Enterprise 1.19.1, 1.18.7, 1.17.14, 1.16.18."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2025-3879", "package_state": [{"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Fix deferred", "package_name": "odf4/cephcsi-rhel9", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Fix deferred", "package_name": "odf4/mcg-cli-rhel9", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Fix deferred", "package_name": "odf4/mcg-rhel9-operator", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Fix deferred", "package_name": "odf4/odf-cli-rhel9", "product_name": "Red Hat Openshift Data Foundation 4"}], "public_date": "2025-05-02T16:15:10Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-3879\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-3879\nhttps://discuss.hashicorp.com/t/hcsec-2025-07-vault-s-azure-authentication-method-bound-location-restriction-could-be-bypassed-on-login/74716"], "threat_severity": "Moderate"}