
CVE-2025-6013 – Vault LDAP MFA Enforcement Bypass When Using Username As Alias
https://notcve.org/view.php?id=CVE-2025-6013
06 Aug 2025 — Vault and Vault Enterprise’s (“Vault”) ldap auth method may not have correctly enforced MFA if username_as_alias was set to true and a user had multiple CNs that are equal but with leading or trailing spaces. Fixed in Vault Community Edition 1.20.2 and Vault Enterprise 1.20.2, 1.19.8, 1.18.13, and 1.16.24. • https://discuss.hashicorp.com/t/hcsec-2025-20-vault-ldap-mfa-enforcement-bypass-when-using-username-as-alias/76092 • CWE-156: Improper Neutralization of Whitespace

CVE-2025-6015 – Vault Login MFA Bypass of Rate Limiting and TOTP Code Reuse
https://notcve.org/view.php?id=CVE-2025-6015
01 Aug 2025 — Vault and Vault Enterprise’s (“Vault”) login MFA rate limits could be bypassed and TOTP tokens could be reused. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23. • https://discuss.hashicorp.com/t/hcsec-2025-19-vault-login-mfa-bypass-of-rate-limiting-and-totp-token-reuse/76038 • CWE-307: Improper Restriction of Excessive Authentication Attempts

CVE-2025-6011 – Timing Side-Channel in Vault’s Userpass Auth Method
https://notcve.org/view.php?id=CVE-2025-6011
01 Aug 2025 — A timing side channel in Vault and Vault Enterprise’s (“Vault”) userpass auth method allowed an attacker to distinguish between existing and non-existing users, and potentially enumerate valid usernames for Vault’s Userpass auth method. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23. • https://discuss.hashicorp.com/t/hcsec-2025-15-timing-side-channel-in-vault-s-userpass-auth-method/76034 • CWE-203: Observable Discrepancy

CVE-2025-6004 – Vault Userpass and LDAP User Lockout Bypass
https://notcve.org/view.php?id=CVE-2025-6004
01 Aug 2025 — Vault and Vault Enterprise’s (“Vault”) user lockout feature could be bypassed for Userpass and LDAP authentication methods. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23. • https://discuss.hashicorp.com/t/hcsec-2025-16-vault-userpass-and-ldap-user-lockout-bypass/76035 • CWE-307: Improper Restriction of Excessive Authentication Attempts

CVE-2025-6037 – Vault Certificate Auth Method Did Not Validate Common Name For Non-CA Certificates
https://notcve.org/view.php?id=CVE-2025-6037
01 Aug 2025 — Vault and Vault Enterprise (“Vault”) TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as trusted certificate (https://developer.hashicorp.com/vault/api-docs/auth/cert#certificate). In this configuration, an attacker may be able to craft a malicious certificate that could be used to impersonate another user. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23. • https://discuss.hashicorp.com/t/hcsec-2025-18-vault-certificate-auth-method-did-not-validate-common-name-for-non-ca-certificates/76037 • CWE-295: Improper Certificate Validation

CVE-2025-6014 – Vault TOTP Secrets Engine Code Reuse
https://notcve.org/view.php?id=CVE-2025-6014
01 Aug 2025 — Vault and Vault Enterprise’s (“Vault”) TOTP Secrets Engine code validation endpoint is susceptible to code reuse within its validity period. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23. • https://discuss.hashicorp.com/t/hcsec-2025-17-vault-totp-secrets-engine-code-reuse/76036 • CWE-156: Improper Neutralization of Whitespace

CVE-2025-6000 – Arbitrary Remote Code Execution via Plugin Catalog Abuse
https://notcve.org/view.php?id=CVE-2025-6000
01 Aug 2025 — A privileged Vault operator within the root namespace with write permission to sys/audit may obtain code execution on the underlying host if a plugin directory is set in Vault’s configuration. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23. • https://discuss.hashicorp.com/t/hcsec-2025-14-privileged-vault-operator-may-execute-code-on-the-underlying-host/76033 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2025-5999 – Vault Root Namespace Operator May Elevate Token Privileges
https://notcve.org/view.php?id=CVE-2025-5999
01 Aug 2025 — A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s token privileges to Vault’s root policy. Fixed in Vault Community Edition 1.20.0 and Vault Enterprise 1.20.0, 1.19.6, 1.18.11 and 1.16.22. • https://discuss.hashicorp.com/t/hcsec-2025-13-vault-root-namespace-operator-may-elevate-token-privileges/76032 • CWE-266: Incorrect Privilege Assignment

CVE-2025-4656 – Vault Vulnerable to Recovery Key Cancellation Denial of Service
https://notcve.org/view.php?id=CVE-2025-4656
25 Jun 2025 — Vault Community and Vault Enterprise rekey and recovery key operations can lead to a denial of service due to uncontrolled cancellation by a Vault operator. This vulnerability (CVE-2025-4656) has been remediated in Vault Community Edition 1.20.0 and Vault Enterprise 1.20.0, 1.19.6, 1.18.11, 1.17.17, and 1.16.22. These are all security issues fixed in the openbao-2.3.1-1.1 package on the GA media of openSUSE Tumbleweed. • https://discuss.hashicorp.com/t/hcsec-2025-11-vault-vulnerable-to-recovery-key-cancellation-denial-of-service/75570 • CWE-1088: Synchronous Access of Remote Resource without Timeout

CVE-2025-3879 – Vault’s Azure Authentication Method bound_location Restriction Could be Bypassed on Login
https://notcve.org/view.php?id=CVE-2025-3879
02 May 2025 — Vault Community, Vault Enterprise (“Vault”) Azure Auth method did not correctly validate the claims in the Azure-issued token, resulting in the potential bypass of the bound_locations parameter on login. Fixed in Vault Community Edition 1.19.1 and Vault Enterprise 1.19.1, 1.18.7, 1.17.14, 1.16.18. These are all security issues fixed in the govulncheck-vulndb-0.0.20250506T153719-1.1 package on the GA media of openSUSE Tumbleweed. • https://discuss.hashicorp.com/t/hcsec-2025-07-vault-s-azure-authentication-method-bound-location-restriction-could-be-bypassed-on-login/74716 • CWE-863: Incorrect Authorization