Introduction
Escalating privileges in a secrets management platform can lead to unauthorized access to all stored credentials and secrets. In enterprise environments where HashiCorp Vault is a core component, privilege escalation flaws have direct operational and security implications for any organization relying on Vault for access control and secrets management.
HashiCorp is a major provider of infrastructure automation and security tools. Their Vault product is widely adopted across industries for managing sensitive credentials, with thousands of enterprise deployments and a central role in modern DevOps and cloud-native architectures. Vulnerabilities in Vault can have a broad impact across the technology landscape due to its integration with critical infrastructure and applications.
Technical Information
CVE-2025-5999 affects the identity endpoint in the root namespace of HashiCorp Vault. An operator with write permission on this endpoint can escalate their own or another user's token privileges to the root policy. The vulnerability stems from insufficient privilege assignment controls at the identity endpoint, specifically in the root namespace: a privileged operator can bypass the intended policy restrictions and assign themselves the highest level of access within Vault.
The vulnerability is categorized as CWE-266 (Incorrect Privilege Assignment). The attack requires the operator to already possess write access to the root namespace's identity endpoint. There are no public code snippets or detailed exploitation steps available in the referenced materials. The issue affects Vault's core identity management functionality, not an enterprise-only feature.
Affected Systems and Versions
- HashiCorp Vault Community Edition: All versions prior to 1.20.0
- HashiCorp Vault Enterprise: All versions earlier than 1.20.0, 1.19.6, 1.18.11, and 1.16.22 on their respective release lines
- Vulnerable configuration: Any instance where an operator has write access to the root namespace's identity endpoint
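The precondition above (write access to the root namespace's identity endpoint) is something an operator can inventory from their own policy set. The following is an added example, not code from the advisory or from HashiCorp: it parses Vault's plain `path "..." { capabilities = [...] }` HCL form and reports which policies grant create/update/patch on identity entity or group paths. It assumes the policies were read from the root namespace, uses constructed sample policies and constructed entity/group ids, and treats the four identity paths listed as representative targets rather than an exhaustive list.

```python
import re

# Write capabilities on a Vault path; "sudo" alone grants no writes, "deny" overrides all.
WRITE_CAPS = {"create", "update", "patch"}

# Representative root-namespace identity endpoints (constructed ids/names) whose
# write access is the precondition described in the advisory. Assumed list.
IDENTITY_TARGETS = [
    "identity/entity/id/11111111-2222-3333-4444-555555555555",
    "identity/entity/name/app-deployer",
    "identity/group/id/66666666-7777-8888-9999-000000000000",
    "identity/group/name/platform-admins",
]

_RULE_RE = re.compile(r'path\s+"([^"]+)"\s*\{([^}]*)\}', re.S)
_CAPS_RE = re.compile(r'capabilities\s*=\s*\[([^\]]*)\]')

def parse_policy(hcl):
    """Return [(path_pattern, {capabilities})] from Vault's HCL policy syntax (flat rules only)."""
    rules = []
    for pattern, body in _RULE_RE.findall(hcl):
        m = _CAPS_RE.search(body)
        caps = set(re.findall(r'"([^"]+)"', m.group(1))) if m else set()
        rules.append((pattern, caps))
    return rules

def pattern_matches(pattern, path):
    """Vault path rules: a trailing '*' is a prefix glob, '+' matches exactly one segment."""
    glob = pattern.endswith("*")
    core = pattern[:-1] if glob else pattern
    regex = "^" + re.escape(core).replace(r"\+", "[^/]+") + (".*" if glob else "") + "$"
    return re.match(regex, path) is not None

def identity_write_grants(hcl):
    """Path rules in one policy that grant create/update/patch on an identity endpoint."""
    return [pattern for pattern, caps in parse_policy(hcl)
            if "deny" not in caps and caps & WRITE_CAPS
            and any(pattern_matches(pattern, t) for t in IDENTITY_TARGETS)]

def audit(policies):
    """Map policy name -> offending rules, for policies read from the root namespace."""
    return {name: hits for name, hcl in policies.items()
            if (hits := identity_write_grants(hcl))}

# Constructed sample policies, shaped like `vault policy read` output.
SAMPLE_POLICIES = {
    "kv-reader": 'path "secret/data/*" {\n  capabilities = ["read", "list"]\n}\n',
    "identity-admin": 'path "identity/entity/*" {\n  capabilities = ["create", "read", "update", "delete", "list"]\n}\n',
    "catch-all": 'path "*" {\n  capabilities = ["create", "read", "update", "delete", "list", "sudo"]\n}\n',
    "identity-denied": 'path "identity/*" {\n  capabilities = ["deny"]\n}\n',
}

if __name__ == "__main__":
    for name, rules in audit(SAMPLE_POLICIES).items():
        print(f"{name}: grants identity write via {rules}")
```

Policies flagged here identify the operators who hold the precondition on unpatched versions; the finding is input for tightening those grants or prioritising the upgrade, and the check does not replace patching.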
Vendor Security History
HashiCorp Vault has previously been affected by privilege escalation and identity-related vulnerabilities, such as CVE-2024-9180 and CVE-2025-4166. HashiCorp typically provides patches across multiple supported versions and maintains a mature vulnerability disclosure program. Their response to privilege escalation issues has been prompt, with fixes and advisories published through official channels.