diff --git a/content/vault/global/partials/important-changes/breaking-changes/cve-2025-6000.mdx b/content/vault/global/partials/important-changes/breaking-changes/cve-2025-6000.mdx index 31d6503fe8..01a57c1e8b 100644 --- a/content/vault/global/partials/important-changes/breaking-changes/cve-2025-6000.mdx +++ b/content/vault/global/partials/important-changes/breaking-changes/cve-2025-6000.mdx @@ -5,10 +5,19 @@ | Breaking | 1.20.1+, 1.19.7+, 1.18.12+, 1.16.23+ | All File audit devices require explicit configuration for prefixing and cannot use -executable file permissions. You must set `allow_audit_log_prefixing` to `true` -in your server configuration to enable `file` audit devices with the `prefix` -option. Additionally, `file` audit devices cannot use file modes with executable -permissions (e.g., 0777, 0755). +executable file permissions. + +Vault will not unseal on upgrade if your only configured audit device is a +`file` device with the executable +[mode](/vault/docs/commands/audit/enable#command-arguments) set. + +Vault `file` audit devices cannot use file modes with executable permissions +(e.g., 0777, 0755), and should be configured with `0644` permissions +(or similar). + +Additionally, to enable `file` audit devices with the `prefix` option, you must +set `allow_audit_log_prefixing` to `true` in your server configuration on each +node in your cluster. #### Recommendation @@ -16,4 +25,4 @@ If you use `file` audit devices: 1. Add `allow_audit_log_prefixing = true` to your Vault server configuration if you want to use the `prefix` option. -1. Use non-executable file modes (e.g., 0644, 0666) for log files. \ No newline at end of file +1. Use non-executable file modes (e.g., 0644, 0666) for log files.
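Review bot: The new sentence "Vault will not unseal on upgrade if your only configured audit device is a `file` device with the executable mode set" leaves the other cases undocumented; please state what happens when a `file` device with an executable mode is one of several configured audit devices (is it skipped, does Vault log an error, or does the upgrade still refuse to unseal?). Two wording points in the same hunk: "the executable mode" reads as if there were a single such mode, so "a file mode that includes execute permission" would be clearer and would match the `0777, 0755` examples that follow; and the paragraph recommends `0644` "(or similar)" while the later recommendation list gives `0644, 0666`, so it would help to use one consistent list of acceptable modes in both places. Since the `allow_audit_log_prefixing` paragraph was moved rather than changed, consider stating that both settings must be in place on each node before the rolling upgrade, because the unseal failure described above is per node.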
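Review bot: This hunk only restores the trailing newline, but given the new unseal behaviour added above, the recommendation list is now missing the step operators actually need: change the mode of existing `file` audit devices to a non-executable value before upgrading, not merely "for log files" in general. The current item "1. Use non-executable file modes (e.g., 0644, 0666) for log files." reads as guidance for new devices; consider adding an item such as "Before upgrading, re-enable any `file` audit device that uses an executable file mode with a non-executable mode" so the recommendation matches the breaking change it follows.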