CVE-2025-34075
Description
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.Initially assigned to document an issues that allows guest VM to modify the hosts Vagrantfile via default synced folder, leading to host-side code execution. Rejected as CVE due to documented, intended behavior that does not violate a claimed security boundary. https://developer.hashicorp.com/vagrant/docs/synced-folders
Risk Information
Base Score
8.6
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C
EPSS Score
Exploitation Probability
0.02
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2025-34075 are fixed in Ruby-vagrant 2.4.7 | Windows |
| Vulnerabilities CVE-2025-34075 are fixed in Ruby-vagrant for Linux 2.4.7 | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234