CVE-2025-6004

Medium CVSS: 5.3

Vault and Vault Enterprise’s (“Vault”) user lockout feature could be bypassed for Userpass and LDAP authentication methods. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23.

Vendor

Hashicorp

Product

Vault

CWE

CWE-307

Yayın Tarihi

2025-08-01 18:15:56

Güncelleme

2025-08-13 18:10:19

Source Identifier

security@hashicorp.com

KEV Date Added

Kategoriler

CWE-307 Vault MEDIUM Hashicorp 2025

Referanslar

https://discuss.hashicorp.com/t/hcsec-2025-16-vault-userpass-and-ldap-user-lockout-bypass/76035

Benzer Kayıtlar

High

CVE-2025-13357

Vault’s Terraform Provider incorrectly set the default deny_null_bind parameter for the LDAP auth method to false by def…

Medium

CVE-2025-13432

Terraform state versions can be created by a user with specific but insufficient permissions in a Terraform Enterprise w…

Medium

CVE-2025-11374

Consul and Consul Enterprise’s (“Consul”) key/value endpoint is vulnerable to denial of service (DoS) due to incorrect C…

Medium

CVE-2025-11375

Consul and Consul Enterprise’s (“Consul”) event endpoint is vulnerable to denial of service (DoS) due to lack of maximum…

High

CVE-2025-12044

Vault and Vault Enterprise (“Vault”) are vulnerable to an unauthenticated denial of service when processing JSON payload…

High

CVE-2025-11621

Vault and Vault Enterprise’s (“Vault”) AWS Auth method may be susceptible to authentication bypass if the role of the co…