{
  "public_date" : "2025-07-02T19:26:01Z",
  "bugzilla" : {
    "description" : "vagrant: HashiCorp Vagrant Host Code Execution",
    "id" : "2375965",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2375965"
  },
  "cwe" : "CWE-94",
  "details" : [ "A virtual machine escape vector has been discovered in HashiCorp Vagrant. By design, Vagrant automatically mounts the host system’s project directory into the guest VM under /vagrant. This includes the Vagrantfile configuration file, which is a Ruby script evaluated by the host every time a vagrant command is executed in the project directory. If a low-privileged attacker obtains shell access to the guest VM, they can append arbitrary Ruby code to the mounted Vagrantfile. Because the host evaluates that file, the appended code runs on the host, with the privileges of the user running the command, the next time a vagrant command is executed in the project directory." ],
  "statement" : "Rejected as a CVE: the reported behavior is documented and intended, and it does not violate a claimed security boundary.",
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-34075\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-34075\nhttps://developer.hashicorp.com/vagrant\nhttps://developer.hashicorp.com/vagrant/docs/synced-folders/basic_usage\nhttps://developer.hashicorp.com/vagrant/docs/vagrantfile\nhttps://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/local/vagrant_synced_folder_vagrantfile_breakout.rb\nhttps://vulncheck.com/advisories/hashicorp-vagrant-synced-folder-vagrantfile-breakout" ],
  "name" : "CVE-2025-34075",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}