HashiCorp Vault exposed multiple zero-day vulnerabilities involving authentication and remote code execution Author: PANews Source: PANews 2025/08/07 19:53

PANews reported on August 7th that HashiCorp Vault, a wallet and key management tool widely used in the cryptocurrency industry, has recently been exposed to multiple zero-day vulnerabilities, covering key aspects such as authentication, identification, and authorization. Some of these vulnerabilities can bypass lockdown and multi-factor authentication protections, and even allow attackers to achieve remote code execution (RCE), posing a serious threat to infrastructure security. The Cyata team has collaborated with HashiCorp to complete the fixes. SlowMist Technology's Chief Information Security Officer, 23pds, recommends that relevant organizations upgrade to the latest version as soon as possible to mitigate potential risks.

