Cybersecurity researchers have discovered over a dozen vulnerabilities in enterprise secure vaults from CyberArk and HashiCorp that, if successfully exploited, can allow remote attackers to crack open corporate identity systems and extract enterprise secrets and tokens from them.

The 14 vulnerabilities, collectively named Vault Fault , affect CyberArk Secrets Manager, Self-Hosted, and Conjur Open Source and HashiCorp Vault, according to a report from an identity security firm Cyata. Following responsible disclosure in May 2025, the flaws have been addressed in the following versions -

CyberArk Secrets Manager and Self-Hosted 13.5.1 and 13.6.1

CyberArk Conjur Open Source 1.22.1

HashiCorp Vault Community Edition 1.20.2 or Vault Enterprise 1.20.2, 1.19.8, 1.18.13, and 1.16.24

These inc

See Full Page