CyberArk Secrets Manager, Conjur Open Source, and HashiCorp Vault Vault Fault (multiple vulnerabilities)
Vulnerability
Summary
The Vault Fault disclosure exposed 14 vulnerabilities across CyberArk Secrets Manager, CyberArk Conjur Open Source, and HashiCorp Vault, creating risks of authentication bypass, privilege escalation, and remote code execution in vaults that protect enterprise secrets. If exploited, the flaws could let remote attackers reach corporate identity systems and steal secrets and tokens. The issues were publicly addressed after responsible disclosure in May 2025. Fixed releases were issued for each affected product family.
Timeline
- 09.08.2025 08:15 · 1 article
CyberArk Secrets Manager, Conjur Open Source, and HashiCorp Vault Vault Fault (multiple vulnerabilities)
Initial Disclosure
The first phase was the disclosure of the **Vault Fault** issue set, where **14 vulnerabilities** were identified across **CyberArk** and **HashiCorp** vault products. The initial findings centered on **authentication bypass** and **remote code execution** paths that could expose stored secrets.
Sources
- CyberArk and HashiCorp Flaws Enable Remote Vault Takeover Without Credentials — thehackernews.com — 09.08.2025 08:15