Critical Vulnerabilities Discovered in CyberArk and HashiCorp Security Solutions

By Tina Reynolds

A new set of vulnerabilities has been discovered in CyberArk and HashiCorp security products. If overlooked, these issues present major liabilities to corporate identity systems. Collectively called ReVault, they present an existential threat. Remote attackers might be able to exploit these issues to obtain unreleased enterprise MDM secrets and tokens. The vulnerabilities have been assigned high CVSS scores, indicating their severity and the urgency for organizations to update their security measures.

The vulnerabilities affect all versions of CyberArk Secrets Manager, all versions of CyberArk Conjur Open Source, and all patched versions of HashiCorp Vault. Eight vulnerabilities are reported for CyberArk: CVE-2025-25050, CVE-2025-25215, CVE-2025-24922, CVE-2025-24311, CVE-2025-24919, CVE-2025-49827, CVE-2025-49831, and CVE-2025-49828. In addition, HashiCorp Vault is affected by CVE-2025-6000 and CVE-2025-5999. Organizations that use these platforms should upgrade to the latest version as soon as possible.

Overview of the Vulnerabilities

The most serious vulnerability found is CVE-2025-25050, which has a CVSS score of 8.8. It is an out-of-bounds write in the cv_upgrade_sensor_firmware functionality. The vulnerability could let attackers use system memory in unexpected and unsafe ways, compromising memory integrity.

The other major bug, CVE-2025-25215, also rated 8.8, is an arbitrary free vulnerability in the cv_close functionality. This zero-day vulnerability gives attackers unprecedented opportunities to exploit memory management errors and perform arbitrary actions in the system.

CVE-2025-24922 is especially dangerous. It is a stack-based buffer overflow in the securebio_identify functionality that may allow remote attackers to execute arbitrary code. With a CVSS score of 8.8, this vulnerability is a clear example of what can happen when memory is handled improperly.

More recently, other vulnerabilities have emerged. CVE-2025-24311 is rated 8.4 for an out-of-bounds read in the cv_send_blockdata feature, while CVE-2025-24919 has a score of 8.1 for deserialization of untrusted input in the cvhDecapsulateCmd functionality. Each of these vulnerabilities carries the potential for a highly impactful security breach as long as it goes unpatched.

Impact on CyberArk and HashiCorp Systems

As the recent Black Hat conference played out, the ReVault vulnerabilities have been verified against many versions of the top three enterprise security solutions. Notably, CyberArk Secrets Manager and Self-Hosted versions 13.5.1 and 13.6.1 are affected, as well as CyberArk Conjur Open Source version 1.22.1. Furthermore, HashiCorp Vault Community Edition 1.20.2 and Vault Enterprise 1.20.2, 1.19.8, 1.18.13 and 1.16.24 are affected.

Yarden Porat highlighted the alarming nature of these vulnerabilities, stating, “This exploit chain moved from unauthenticated access to full remote code execution without ever supplying a password, token, or AWS credentials.”

The consequences of the ReVault vulnerabilities extend beyond the risk of immediate exploitation. Philippe Laulheret noted that, “The ReVault attack can be used as a post-compromise persistence technique that can remain even across Windows reinstalls.” This indicates that once attackers get in, they can maintain their foothold within systems. Not even attempts to restore basic security measures have been enough to remove them.

Mitigating the Threat

Fortunately, the developers of both CyberArk and HashiCorp were quick to respond to these vulnerabilities by patching them in their most recent software releases. Users are strongly urged to update their systems to reduce the risk from these security vulnerabilities.

Yarden Porat emphasized the broader implications of the research on ReVault vulnerabilities: “This research shows how authentication, policy enforcement, and plugin execution can all be subverted through logic bugs, without touching memory, triggering crashes, or breaking cryptography.” This statement underscores the need to examine current security structures for blind spots that fall outside traditional approaches.