UBUNTU-CVE-2025-34075

Source
https://ubuntu.com/security/CVE-2025-34075
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-34075.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2025-34075
Related
  • CVE-2025-34075
Published
2025-07-03T00:00:00Z
Modified
2025-07-03T05:18:39Z
Severity
  • 5.4 (Medium) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Summary
[none]
Details

An authenticated virtual machine escape vulnerability exists in HashiCorp Vagrant when using the default synced folder configuration. By design, Vagrant automatically mounts the host system’s project directory into the guest VM under /vagrant (or C:\vagrant on Windows). This includes the Vagrantfile configuration file, which is a Ruby script evaluated by the host every time a vagrant command is executed in the project directory. If a low-privileged attacker obtains shell access to the guest VM, they can append arbitrary Ruby code to the mounted Vagrantfile. When a user on the host later runs any vagrant command, the injected code is executed on the host with that user’s privileges. While this shared-folder behavior is well-documented by Vagrant, the security implications of Vagrantfile execution from guest-writable storage are not explicitly addressed. This effectively enables guest-to-host code execution in multi-tenant or adversarial VM scenarios.

References

Affected packages

Ubuntu:Pro:16.04:LTS / vagrant

Package

Name
vagrant
Purl
pkg:deb/ubuntu/vagrant@1.8.1+dfsg-1ubuntu0.2?arch=source&distro=esm-apps/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

1.*

1.7.4+dfsg-1
1.8.1+dfsg-1
1.8.1+dfsg-1ubuntu0.1
1.8.1+dfsg-1ubuntu0.2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / vagrant

Package

Name
vagrant
Purl
pkg:deb/ubuntu/vagrant@2.0.2+dfsg-2ubuntu8?arch=source&distro=esm-apps/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

1.*

1.9.1+dfsg-1

2.*

2.0.2+dfsg-2ubuntu2
2.0.2+dfsg-2ubuntu8

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:20.04:LTS / vagrant

Package

Name
vagrant
Purl
pkg:deb/ubuntu/vagrant@2.2.6+dfsg-2ubuntu3?arch=source&distro=esm-apps/focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

2.*

2.2.3+dfsg-1ubuntu2
2.2.6+dfsg-2ubuntu1
2.2.6+dfsg-2ubuntu3

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / vagrant

Package

Name
vagrant
Purl
pkg:deb/ubuntu/vagrant@2.2.19+dfsg-1ubuntu1?arch=source&distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

2.*

2.2.14+dfsg-1ubuntu1
2.2.19+dfsg-1ubuntu1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}