CVE-2025-6004
BaseFortify
Publication date: 2025-08-01
Last updated on: 2025-08-13
Assigner: HashiCorp Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| hashicorp | vault | From 1.13.0 (inc) to 1.16.23 (exc) |
| hashicorp | vault | From 1.13.0 (inc) to 1.20.1 (exc) |
| hashicorp | vault | From 1.17.0 (inc) to 1.18.12 (exc) |
| hashicorp | vault | From 1.19.0 (inc) to 1.19.7 (exc) |
| hashicorp | vault | 1.20.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-307 | The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability allows the user lockout feature in Vault and Vault Enterprise to be bypassed when using Userpass and LDAP authentication methods. This means that the mechanism intended to lock out users after certain conditions (such as failed login attempts) can be circumvented.
How can this vulnerability impact me? :
The impact of this vulnerability is that an attacker could potentially continue attempting to authenticate without being locked out, which could lead to increased risk of unauthorized access attempts or brute force attacks. However, the vulnerability does not affect confidentiality or availability, only integrity to a limited extent.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, upgrade Vault or Vault Enterprise to the fixed versions: Vault Community Edition 1.20.1 or Vault Enterprise 1.20.1, 1.19.7, 1.18.12, or 1.16.23.