CyberArk and HashiCorp Flaws Enable Remote Vault Takeover Without Credentials

Cybersecurity experts have identified a series of vulnerabilities in enterprise secure vaults from CyberArk and HashiCorp that could be exploited by remote attackers to compromise corporate identity systems and extract sensitive enterprise data and tokens.

Known as Vault Fault, the 14 vulnerabilities impact CyberArk Secrets Manager, Self-Hosted, and Conjur Open Source, as well as HashiCorp Vault, as reported by identity security firm Cyata. These vulnerabilities, disclosed in May 2025, have been patched in the following versions:

The vulnerabilities include authentication bypasses, impersonation, privilege escalation flaws, code execution paths, and root token theft. The most critical vulnerability allows for remote code execution, enabling attackers to take control of the vault without valid credentials under specific conditions. The issues include:

  • CVE-2025-49827 (CVSS score: 9.1) – Bypass of IAM authenticator in CyberArk Secrets Manager
  • CVE-2025-49831 (CVSS score: 9.1) – Bypass of IAM authenticator in CyberArk Secrets Manager via a misconfigured network device
  • CVE-2025-49828 (CVSS score: 8.6) – Remote code execution in CyberArk Secrets Manager
  • CVE-2025-6000 (CVSS score: 9.1) – Arbitrary remote code execution via plugin catalog abuse in HashiCorp Vault
  • CVE-2025-5999 (CVSS score: 7.2) – Privilege escalation to root via policy normalization in HashiCorp Vault

Furthermore, vulnerabilities have been found in HashiCorp Vault’s lockout protection logic, potentially allowing attackers to determine valid usernames and reset lockout counters through timing-based side channels.
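The lockout weaknesses described above can be countered structurally, as this added sketch shows (it is not Vault's code and not from the original article). The `Guard` type, the threshold, and the choice to canonicalize usernames by case folding are assumptions of the example; SHA-256 stands in for a real password KDF.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
	"strings"
)

const maxFailures = 3 // constructed threshold for this sketch
// Guard is a hypothetical login gate (not Vault's code); keys are canonical usernames.
type Guard struct {
	hashes   map[string][32]byte // password digests
	failures map[string]int      // failed attempts
}

func NewGuard(users map[string]string) *Guard {
	g := &Guard{hashes: map[string][32]byte{}, failures: map[string]int{}}
	for u, p := range users {
		g.hashes[canon(u)] = digest(p)
	}
	return g
}

// canon folds case and whitespace so "Alice" and "alice" share one counter.
func canon(u string) string { return strings.ToLower(strings.TrimSpace(u)) }

// digest stands in for a slow password KDF to keep the sketch stdlib-only.
func digest(p string) [32]byte { return sha256.Sum256([]byte(p)) }

// Login returns "ok", "denied" or "locked"; known and unknown names take one path.
func (g *Guard) Login(user, pass string) string {
	key := canon(user)
	want, known := g.hashes[key] // unknown user: zero digest, still compared
	got := digest(pass)
	match := subtle.ConstantTimeCompare(got[:], want[:]) == 1
	if g.failures[key] >= maxFailures {
		return "locked"
	}
	if known && match {
		delete(g.failures, key)
		return "ok"
	}
	g.failures[key]++
	return "denied"
}

func main() {
	fmt.Println(NewGuard(map[string]string{"alice": "pw"}).Login("ALICE", "guess"))
}
```

Counters in this sketch never expire and grow with every distinct name submitted; a production gate would bound and age them.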

By exploiting these vulnerabilities, threat actors could carry out various attacks, including remote code execution and privilege escalation. The flaws in CyberArk Secrets Manager/Conjur allow for authentication bypass and arbitrary code execution, posing significant security risks.

To address these vulnerabilities, users are advised to apply the necessary patches provided by the vendors and take proactive measures to secure their systems against potential exploits.