The post covers 9 CVEs (May-June 2025) that form a full chain from default user > admin > root > RCE:

CVE-2025-6010 - [REDACTED]

CVE-2025-6004 - Lockout Bypass https://feedly.com/cve/CVE-2025-6004

Via case permutation in userpass auth
Via input normalization mismatch in LDAP auth
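The two bullets above describe the same bug shape: the failed-login counter is keyed on the raw string the client sent, while the credential lookup normalizes it (case-insensitive userpass matching, or the LDAP directory's own normalization), so every permutation gets its own fresh counter. The model below is an added illustration, not Vault's code or the researchers' proof of concept: the user store, `MAX_ATTEMPTS`, the `canonical()` normalization and the `Lockout` class are all constructed for the example. It puts the raw-keyed counter next to a counter keyed on the canonical name and counts how many password guesses an attacker actually gets to evaluate before being locked out.

```python
"""
Illustrative lockout model (constructed example, not Vault's code): failure
counters keyed on the raw username while the credential lookup normalizes it,
beside a counter keyed on the same canonical name the lookup uses.
"""
from collections import defaultdict
from itertools import product
import unicodedata

MAX_ATTEMPTS = 5

# Constructed user store. The backend matches the username case-insensitively
# (as an LDAP directory typically does), so every case permutation is one account.
USERS = {"alice": "correct-horse"}


def canonical(username: str) -> str:
    """Normalize the way the backend compares names: NFKC, then case folding."""
    return unicodedata.normalize("NFKC", username).casefold()


class Lockout:
    """Login front end whose failure counter is keyed by key_func(username)."""

    def __init__(self, key_func):
        self.key_func = key_func
        self.failures = defaultdict(int)

    def login(self, username: str, password: str) -> str:
        key = self.key_func(username)
        if self.failures[key] >= MAX_ATTEMPTS:
            return "locked"
        if USERS.get(canonical(username)) == password:  # lookup always normalizes
            self.failures[key] = 0
            return "ok"
        self.failures[key] += 1
        return "denied"


def case_permutations(name: str):
    """Every upper/lower case variant of name (2**len(name) for ASCII letters)."""
    return ["".join(p) for p in product(*[(c.lower(), c.upper()) for c in name])]


def guesses_evaluated(lockout: Lockout, name: str, wrong_passwords) -> int:
    """Attack loop: rotate through case variants, count guesses actually checked."""
    evaluated = 0
    for variant in case_permutations(name):
        for pw in wrong_passwords:
            if lockout.login(variant, pw) == "locked":
                break  # this variant's counter is exhausted, move to the next one
            evaluated += 1
    return evaluated


WRONG = [f"guess{i}" for i in range(20)]  # constructed guess list, none correct

if __name__ == "__main__":
    raw_keyed = Lockout(key_func=lambda u: u)  # vulnerable: "Alice" != "alice"
    canonical_keyed = Lockout(key_func=canonical)
    print("raw-keyed counter   :", guesses_evaluated(raw_keyed, "alice", WRONG))
    print("canonical-keyed     :", guesses_evaluated(canonical_keyed, "alice", WRONG))
```

With a five-letter username the raw-keyed counter hands the attacker 32 independent lockout budgets (160 guesses at `MAX_ATTEMPTS = 5`) while the canonical-keyed one stops after the first five. The fix is the general rule: whatever transformation the authentication lookup applies to the identifier, the rate limiter and lockout store must key on the output of that same transformation, never on the bytes received.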

CVE-2025-6011 - Timing-Based Username Enumeration https://feedly.com/cve/CVE-2025-6011

Identify valid usernames
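The classic cause of a timing-based username oracle is a login path that returns early for unknown users and only spends the expensive password-hash work on names that exist. The code below is an added illustration, not Vault's code or the published finding: the PBKDF2 user store, `login_vulnerable`, `login_fixed` and the `probe`/`enumerate_users` attacker helpers are constructed for the example. It shows the early-return version, the version that does identical work for every username by hashing against a decoy record, and the probe that tells them apart; the `HASH_CALLS` counter makes the difference checkable without relying on wall-clock measurements.

```python
"""
Illustrative login model (constructed example, not Vault's code): a login that
skips password hashing for unknown usernames, beside one that does the same
work regardless, plus the timing probe an attacker would run against the first.
"""
import hashlib
import hmac
import os
import time

ITERATIONS = 20_000   # slow hash: the work an attacker can time remotely
HASH_CALLS = 0        # instrumentation so the difference is testable without a clock


def slow_hash(password: str, salt: bytes) -> bytes:
    global HASH_CALLS
    HASH_CALLS += 1
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


# Constructed user store: username -> (salt, hash).
_SALT = os.urandom(16)
USERS = {"alice": (_SALT, slow_hash("correct-horse", _SALT))}
# Decoy record: lets the fixed path spend the same work on unknown usernames.
_DUMMY_SALT = os.urandom(16)
_DUMMY_HASH = slow_hash("unused-decoy", _DUMMY_SALT)


def login_vulnerable(username: str, password: str) -> bool:
    rec = USERS.get(username)
    if rec is None:
        return False  # early return: no hash work for unknown users (the oracle)
    salt, stored = rec
    return hmac.compare_digest(slow_hash(password, salt), stored)


def login_fixed(username: str, password: str) -> bool:
    rec = USERS.get(username)
    salt, stored = rec if rec is not None else (_DUMMY_SALT, _DUMMY_HASH)
    candidate = slow_hash(password, salt)  # identical work on both paths
    return rec is not None and hmac.compare_digest(candidate, stored)


def hash_work(login, username: str) -> int:
    """Number of slow-hash evaluations one failed login against username costs."""
    before = HASH_CALLS
    login(username, "not-the-password")
    return HASH_CALLS - before


def probe(login, username: str, samples: int = 5) -> float:
    """Attacker-side probe: median wall-clock seconds for one failed login."""
    times = []
    for _ in range(samples):
        t0 = time.perf_counter()
        login(username, "not-the-password")
        times.append(time.perf_counter() - t0)
    return sorted(times)[len(times) // 2]


def enumerate_users(login, candidates, samples: int = 5):
    """Flag candidates whose failed login is much slower than a nonexistent baseline."""
    baseline = probe(login, "zz-no-such-user", samples)
    return [c for c in candidates if probe(login, c, samples) > 3 * baseline]


if __name__ == "__main__":
    names = ["alice", "bob", "carol"]  # constructed candidate list
    print("vulnerable path flags:", enumerate_users(login_vulnerable, names))
    print("fixed path flags     :", enumerate_users(login_fixed, names))
```

Against `login_vulnerable` the probe separates "alice" from the others by roughly one PBKDF2 evaluation; against `login_fixed` every name costs the same and nothing stands out. Note that `hmac.compare_digest` alone does not fix this class of bug: the leak here is whether the hash runs at all, not how the comparison exits, so the decoy hash (or an equivalent constant-work path) is the necessary part.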

CVE-2025-6003 - MFA Enforcement Bypass https://feedly.com/cve/CVE-2025-6003

Via username_as_alias configuration in LDAP

CVE-2025-6013 - Multiple EntityID Generation https://feedly.com/cve/CVE-2025-6013

Allows LDAP users to generate multiple EntityIDs for the same identity

CVE-2025-6016 - TOTP MFA Weaknesses https://feedly.com/cve/CVE-2025-6016

Aggregated logic flaws in TOTP implementation

CVE-2025-6037 - Certificate Entity Impersonation https://feedly.com/cve/CVE-2025-6037

Existed for 8+ years in Vault

CVE-2025-5999 - Root Privilege Escalation https://feedly.com/cve/CVE-2025-5999

Admin to root escalation via policy normalization

CVE-2025-6000 - Remote Code Execution https://feedly.com/cve/CVE-2025-6000

First public RCE in Vault (existed for 9 years), via plugin catalog abuse. See https://discuss.hashicorp.com/t/hcsec-2025-14-privileged-vau...