GHSA-hqp6-mjw3-f586 · Severity: medium · Ecosystem: rubygems — HashiCorp Vagrant has code injection vulnerability through default synced folders
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Initially assigned to document an issues that allows guest VM to modify the host’s Vagrantfile via default synced folder, leading to host-side code execution. Rejected as CVE due to documented, intended behavior that does not violate a claimed security boundary. https://developer.hashicorp.com/vagrant/docs/synced-folders
Conclusion & alert: This CVE is rejected; it is not tracked as an active vulnerability. Mandatory action: Do not treat as an active exposure for patching queues—follow the CVE record status and authoritative vendor or program statements only.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).
| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|---|---|---|---|
| 1 | 2025-07-03 | — | 0.02% | — |
Full EPSS history (1 record total)
CVSS metrics for this CVE.
No CVSS data in dataset for this CVE.
GHSA-hqp6-mjw3-f586 · Severity: medium · Ecosystem: rubygems — HashiCorp Vagrant has code injection vulnerability through default synced folders
| vendor | priority | summary | link |
|---|---|---|---|
redhat
|
— | — | https://access.redhat.com/security/cve/CVE-2025-34075 |
ubuntu
|
negligible | CVE-2025-34075 negligible priority: Ubuntu including 1 source packages (vagrant), 8 status rows across 8 suites (bionic, focal, jammy, noble, oracular, plucky, upstream, xenial): not-affected 5, DNE 3. | https://ubuntu.com/security/CVE-2025-34075 |
| Vendor | Product | Version | Raw CPE |
|---|---|---|---|
| No affected products in dataset. | |||
| URL | Tags |
|---|---|
| No references in dataset. | |