CyberArk and HashiCorp Flaws Enable Remote Vault Takeover Without Credentials

Cybersecurity researchers uncovered multiple vulnerabilities in CyberArk and HashiCorp vaults, including critical remote code execution flaws that could allow attackers to fully compromise enterprise secrets and identities. These vulnerabilities, collectively known as Vault Fault, have been addressed in recent updates but pose a significant threat if exploited.

Key points

  • Over a dozen vulnerabilities, including remote code execution and privilege escalation, affect enterprise vaults from CyberArk and HashiCorp.
  • The most severe flaws enable attackers to take control of vaults remotely without valid credentials.
  • Flaws in lockout protection and MFA enforcement can be exploited to bypass security controls.
  • Attacks can lead to unauthorized access, privilege escalation, and potential use as ransomware vectors.
  • Mitigation involves updating affected systems, disabling unused services, and applying security patches from vendors.

Read More: https://thehackernews.com/2025/08/cyberark-and-hashicorp-flaws-enable.html