Cracking the Vault: A Deep Dive into Nine HashiCorp Vault Zero-Day Vulnerabilities
In a significant disclosure, security researchers from the Cyata team have unearthed nine zero-day vulnerabilities in HashiCorp Vault, a widely used tool for secret management. These vulnerabilities, some of which have been lurking in the codebase for nearly a decade, expose critical flaws in Vault's authentication, identity, and authorization mechanisms. The most severe of these, CVE-2025-6000, allows for remote code execution (RCE), marking the first publicly disclosed RCE in Vault's history. This article provides a comprehensive overview of these vulnerabilities, their potential impact, and detailed Burp Suite-style proof-of-concept (PoC) code snippets to help security professionals understand and test for these flaws in their own environments. The Vulnerabilities: A High-Level Overview The nine vulnerabilities cover a wide range of attack vectors, from username enumeration and authentication bypass to privilege escalation and, ultim...