CVE-2025-67642
MEDIUMDescription
Jenkins HashiCorp Vault Plugin 371.v884a_4dd60fb_6 and earlier does not set the appropriate context for Vault credentials lookup, allowing attackers with Item/Configure permission to access and potentially capture Vault credentials they are not entitled to.
Is your site exposed to CVE-2025-67642?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| jenkins | hashicorp_vault |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2025-67642? +
How severe is CVE-2025-67642? +
What products are affected by CVE-2025-67642? +
How do I check if I'm vulnerable to CVE-2025-67642? +
Related Vulnerabilities
An improper ownership management vulnerability has been identified in Moxa’s Secure Router. Because of improper ownership management, a low-privileged authenticated …
Pi-hole is a DNS sinkhole that protects devices from unwanted content without installing any client-side software. From 6.0 to 6.4.2, …
CWE-282 "Improper Ownership Management" in GE Vernova EnerVista UR Setup allows Authentication Bypass. The software's startup authentication can be disabled …
A vulnerability has been identified in Medicalis Workflow Orchestrator (All versions). The affected application executes as a trusted account with …
A privilege escalation vulnerability exists in the node update functionality of Veertu Anka Build 1.42.0. A specially crafted PKG file …
In JetBrains TeamCity before 2025.07.1 privilege escalation was possible due to incorrect directory ownership