x/vulndb: potential Go vuln in github.com/hashicorp/vault: GHSA-6h4p-m86h-hhgh

[GoVulnBot]

Advisory GHSA-6h4p-m86h-hhgh references a vulnerability in the following Go modules:

Module
github.com/hashicorp/vault

Description:
A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s token privileges to Vault’s root policy. Fixed in Vault Community Edition 1.20.0 and Vault Enterprise 1.20.0, 1.19.6, 1.18.11 and 1.16.22.

References:

• ADVISORY: GHSA-6h4p-m86h-hhgh
• ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2025-5999
• WEB: https://discuss.hashicorp.com/t/hcsec-2025-13-vault-root-namespace-operator-may-elevate-token-privileges/76032

Cross references:

• github.com/hashicorp/vault appears in 40 other report(s):
  • data/reports/GO-2022-0578.yaml (x/vulndb: potential Go vuln in github.com/hashicorp/vault: GHSA-362v-wg5p-64w2 #578)
  • data/reports/GO-2022-0590.yaml (x/vulndb: potential Go vuln in github.com/hashicorp/vault: GHSA-c5wc-v287-82pc #590)
  • data/reports/GO-2022-0611.yaml (x/vulndb: potential Go vuln in github.com/hashicorp/vault: GHSA-pfmw-vj74-ph8g #611)
  • data/reports/GO-2022-0618.yaml (x/vulndb: potential Go vuln in github.com/hashicorp/vault: GHSA-qv95-g3gm-x542 #618)
  • data/reports/GO-2022-0620.yaml (x/vulndb: potential Go vuln in github.com/hashicorp/vault: GHSA-23fq-q7hc-993r #620)
  • data/reports/GO-2022-0623.yaml (x/vulndb: potential Go vuln in github.com/hashicorp/vault: GHSA-38j9-7pp9-2hjw #623)
  • data/reports/GO-2022-0632.yaml (x/vulndb: potential Go vuln in github.com/hashicorp/vault: GHSA-6239-28c2-9mrm, CVE-2021-38554 #632)
  • data/reports/GO-2022-0778.yaml (x/vulndb: potential Go vuln in github.com/hashicorp/vault/command: GHSA-25xj-89g5-fm6h #778)
  • data/reports/GO-2022-0816.yaml (x/vulndb: potential Go vuln in github.com/hashicorp/vault: GHSA-9vh5-r4qw-v3vv #816)
  • data/reports/GO-2022-0825.yaml (x/vulndb: potential Go vuln in github.com/hashicorp/vault: GHSA-fp52-qw33-mfmw #825)
  • data/reports/GO-2022-1021.yaml (x/vulndb: potential Go vuln in github.com/hashicorp/vault: GHSA-7cgv-v83v-rr87 #1021)
  • data/reports/GO-2023-1685.yaml (x/vulndb: potential Go vuln in github.com/hashicorp/vault: GHSA-v3hp-mcj5-pg39 #1685)
  • data/reports/GO-2023-1708.yaml (x/vulndb: potential Go vuln in github.com/hashicorp/vault: GHSA-hwc3-3qh6-r4gg #1708)
  • data/reports/GO-2023-1709.yaml (x/vulndb: potential Go vuln in github.com/hashicorp/vault: GHSA-vq4h-9ghm-qmrr #1709)
  • data/reports/GO-2023-1849.yaml (x/vulndb: potential Go vuln in github.com/hashicorp/vault: GHSA-gq98-53rq-qr5h #1849)
  • data/reports/GO-2023-1897.yaml (x/vulndb: potential Go vuln in github.com/hashicorp/vault: GHSA-9mh8-9j64-443f #1897)
  • data/reports/GO-2023-1900.yaml (x/vulndb: potential Go vuln in github.com/hashicorp/vault: GHSA-wmg5-g953-qqfw #1900)
  • data/reports/GO-2023-1986.yaml (x/vulndb: potential Go vuln in github.com/hashicorp/vault: GHSA-9v3w-w2jh-4hff #1986)
  • data/reports/GO-2023-2063.yaml (x/vulndb: potential Go vuln in github.com/hashicorp/vault: GHSA-v84f-6r39-cpfc #2063)
  • data/reports/GO-2023-2088.yaml (x/vulndb: potential Go vuln in github.com/hashicorp/vault: GHSA-86c6-3g63-5w64 #2088)
  • data/reports/GO-2023-2329.yaml (x/vulndb: potential Go vuln in github.com/hashicorp/vault: GHSA-4qhc-v8r6-8vwm #2329)
  • data/reports/GO-2023-2399.yaml (x/vulndb: potential Go vuln in github.com/hashicorp/vault: GHSA-6p62-6cg9-f5f5 #2399)
  • data/reports/GO-2024-2485.yaml (x/vulndb: potential Go vuln in github.com/hashicorp/vault/vault: GHSA-j6vv-vv26-rh7c #2485)
  • data/reports/GO-2024-2486.yaml (x/vulndb: potential Go vuln in github.com/hashicorp/vault/vault: GHSA-m979-w9wj-qfj9 #2486)
  • data/reports/GO-2024-2488.yaml (x/vulndb: potential Go vuln in github.com/hashicorp/vault/vault: GHSA-4mp7-2m29-gqxf #2488)
  • data/reports/GO-2024-2508.yaml (x/vulndb: potential Go vuln in github.com/hashicorp/vault: GHSA-rpgp-9hmg-j25x #2508)
  • data/reports/GO-2024-2509.yaml (x/vulndb: potential Go vuln in github.com/hashicorp/vault: GHSA-rq95-xf66-j689 #2509)
  • data/reports/GO-2024-2511.yaml (x/vulndb: potential Go vuln in github.com/hashicorp/vault: CVE-2024-0831 #2511)
  • data/reports/GO-2024-2514.yaml (x/vulndb: potential Go vuln in github.com/hashicorp/vault: GHSA-57gg-cj55-q5g2 #2514)
  • data/reports/GO-2024-2617.yaml (x/vulndb: potential Go vuln in github.com/hashicorp/vault: GHSA-r3w7-mfpm-c2vw #2617)
  • data/reports/GO-2024-2690.yaml (x/vulndb: potential Go vuln in github.com/hashicorp/vault: GHSA-j2rp-gmqv-frhv #2690)
  • data/reports/GO-2024-2921.yaml (x/vulndb: potential Go vuln in github.com/hashicorp/vault: GHSA-32cj-5wx4-gq8p #2921)
  • data/reports/GO-2024-2982.yaml (x/vulndb: potential Go vuln in github.com/hashicorp/vault: GHSA-2qmw-pvf7-4mw6 #2982)
  • data/reports/GO-2024-3113.yaml (x/vulndb: potential Go vuln in github.com/hashicorp/vault: GHSA-jjxf-26c9-77gm #3113)
  • data/reports/GO-2024-3162.yaml (x/vulndb: potential Go vuln in github.com/hashicorp/vault: GHSA-jg74-mwgw-v6x3 #3162)
  • data/reports/GO-2024-3191.yaml (x/vulndb: potential Go vuln in github.com/hashicorp/vault: GHSA-rr8j-7w34-xp5j #3191)
  • data/reports/GO-2024-3246.yaml (x/vulndb: potential Go vuln in github.com/hashicorp/vault: GHSA-g233-2p4r-3q7v #3246)
  • data/reports/GO-2025-3662.yaml (x/vulndb: potential Go vuln in github.com/hashicorp/vault: GHSA-f9ch-h8j7-8jwg #3662)
  • data/reports/GO-2025-3663.yaml (x/vulndb: potential Go vuln in github.com/hashicorp/vault: GHSA-gcqf-f89c-68hv #3663)
  • data/reports/GO-2025-3788.yaml (x/vulndb: potential Go vuln in github.com/hashicorp/vault: GHSA-fhc2-8qx8-6vj7 #3788)

See doc/quickstart.md for instructions on how to triage this report.

id: GO-ID-PENDING
modules:
    - module: github.com/hashicorp/vault
      versions:
        - introduced: 0.10.4
        - fixed: 1.20.0
      vulnerable_at: 1.20.0-rc2
summary: Hashicorp Vault has Privilege Escalation Vulnerability in github.com/hashicorp/vault
cves:
    - CVE-2025-5999
ghsas:
    - GHSA-6h4p-m86h-hhgh
references:
    - advisory: https://github.com/advisories/GHSA-6h4p-m86h-hhgh
    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2025-5999
    - web: https://discuss.hashicorp.com/t/hcsec-2025-13-vault-root-namespace-operator-may-elevate-token-privileges/76032
source:
    id: GHSA-6h4p-m86h-hhgh
    created: 2025-08-01T22:01:15.032089225Z
review_status: UNREVIEWED

[gopherbot]

Change https://go.dev/cl/693658 mentions this issue: data/reports: add 16 reports

[gopherbot]

Change https://go.dev/cl/694756 mentions this issue: data/reports: add 20 reports