PT-2025-35133 · Hashicorp+1 · Vault Community Edition+2

Darrell Bethea · Published 2025-08-28 · Updated 2025-12-18 · CVE-2025-6203

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions: HashiCorp Vault versions prior to 1.20.3; HashiCorp Vault Enterprise versions 1.19.9, 1.18.14, and 1.16.25

Description: A malicious user can submit a specially crafted payload that results in excessive memory and CPU consumption, potentially leading to a timeout in Vault's auditing subroutine and causing the server to become unresponsive. Approximately 123,600 services are potentially exposed worldwide. Over 29,800 vulnerable instances have been identified.

Recommendations: HashiCorp Vault versions prior to 1.20.3 should be upgraded to version 1.20.3 or later. HashiCorp Vault Enterprise versions prior to 1.19.9 should be upgraded to version 1.19.9 or later. HashiCorp Vault Enterprise versions prior to 1.18.14 should be upgraded to version 1.18.14 or later. HashiCorp Vault Enterprise versions prior to 1.16.25 should be upgraded to version 1.16.25 or later.

Fix

Weakness Enumeration

DoS

Allocation of Resources Without Limits

Resource Exhaustion

Related identifiers

BDU:2025-10637
BIT-VAULT-2025-6203
CVE-2025-6203
GHSA-8F82-53H8-2P34
GHSA-G46H-2RQ9-GW5M
GO-2025-3924
GO-2025-4039
OPENSUSE-SU-2025:15538-1
OPENSUSE-SU-2025:15579-1
SUSE-SU-2025:03289-1

Affected products

Red Os
Vault Community Edition
Vault Enterprise