CVE-2025-34075
- EPSS 0.02%
- Published 02.07.2025 19:26:01
- Last modified 16.07.2025 14:15:24
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Initially assigned to document an issues that allows guest VM to modify the host’s Vagrantfile via default synced folder, leading to host-side code execution...
CVE-2023-5834
- EPSS 0.08%
- Published 27.10.2023 22:15:09
- Last modified 21.11.2024 08:42:35
HashiCorp Vagrant's Windows installer targeted a custom location with a non-protected path that could be junctioned, introducing potential for unauthorized file system writes. Fixed in Vagrant 2.4.0.
CVE-2022-42717
- EPSS 0.06%
- Published 11.10.2022 23:15:10
- Last modified 20.05.2025 15:15:51
An issue was discovered in Hashicorp Packer before 2.3.1. The recommended sudoers configuration for Vagrant on Linux is insecure. If the host has been configured according to this documentation, non-privileged users on the host can leverage a wildcar...
CVE-2017-16777
- EPSS 0.09%
- Published 16.11.2017 15:29:00
- Last modified 20.04.2025 01:37:25
If HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.3 is installed but VMware Fusion is not, a local attacker can create a fake application directory and exploit the suid sudo helper in order to escalate to root.
CVE-2017-16001
- EPSS 0.09%
- Published 06.11.2017 17:29:00
- Last modified 20.04.2025 01:37:25
In HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.1, a local attacker or malware can silently subvert the plugin update process in order to escalate to root privileges.