View at Official suse advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2025-6000 severity important: SUSE including 14 source package names (ca-certificates-mozilla-2.84-slfo.1.1_1.1, govulncheck-vulndb-0.0.20250811T192933-1.1, …), 25 product×package rows across 13 product lines (Container suse/sl-micro/6.0/base-os-container, Container suse/sl-micro/6.0/toolbox, … (13 product lines)): Fixed 25.
A privileged Vault operator within the root namespace with write permission to {{sys/audit}} may obtain code execution on the underlying host if a plugin directory is set in Vault's configuration. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23.