CVE-2025-34075 – Vagrant Virtual Machine Escape via Ruby Code Injection

CVE ID : CVE-2025-34075

Published : July 2, 2025, 8:15 p.m. | 37 minutes ago

Description : An authenticated virtual machine escape vulnerability exists in HashiCorp Vagrant when using the default synced folder configuration. By design, Vagrant automatically mounts the host system’s project directory into the guest VM under /vagrant (or C:vagrant on Windows). This includes the Vagrantfile configuration file, which is a Ruby script evaluated by the host every time a vagrant command is executed in the project directory. If a low-privileged attacker obtains shell access to the guest VM, they can append arbitrary Ruby code to the mounted Vagrantfile. When a user on the host later runs any vagrant command, the injected code is executed on the host with that user’s privileges.

While this shared-folder behavior is well-documented by Vagrant, the security implications of Vagrantfile execution from guest-writable storage are not explicitly addressed. This effectively enables guest-to-host code execution in multi-tenant or adversarial VM scenarios.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

نوشته های مشابه

Multiple vulnerabilities in Trend Micro Password Manager for Windows (CVE-2025-48443, CVE-2025-52837)

CVE-2025-34076 – Microweber CMS Local File Inclusion Vulnerability

CVE-2025-34078 – NSClient++ Privilege Escalation (Local)

CVE-2025-34079 – NSClient++ Remote Code Execution Vulnerability