Hashicorp · Vault Enterprise · CVE-2025-12044
**Name of the Vulnerable Software and Affected Versions**
HashiCorp Vault versions prior to 1.16.27
HashiCorp Vault Enterprise versions prior to 1.16.27
HashiCorp Vault versions prior to 1.19.11
HashiCorp Vault Enterprise versions prior to 1.19.11
HashiCorp Vault versions prior to 1.20.5
HashiCorp Vault Enterprise versions prior to 1.20.5
HashiCorp Vault versions prior to 1.21.0
HashiCorp Vault Enterprise versions prior to 1.21.0
**Description**
HashiCorp Vault and Vault Enterprise are susceptible to an unauthenticated denial-of-service condition when handling JSON payloads. This issue arises from a regression in a previous fix, which previously allowed JSON payloads to be processed before rate limits were applied. An attacker can exploit this by sending a specially crafted JSON file, potentially causing a service outage.
**Recommendations**
Vault versions prior to 1.16.27: Upgrade to version 1.16.27 or later.
Vault Enterprise versions prior to 1.16.27: Upgrade to version 1.16.27 or later.
Vault versions prior to 1.19.11: Upgrade to version 1.19.11 or later.
Vault Enterprise versions prior to 1.19.11: Upgrade to version 1.19.11 or later.
Vault versions prior to 1.20.5: Upgrade to version 1.20.5 or later.
Vault Enterprise versions prior to 1.20.5: Upgrade to version 1.20.5 or later.
Vault versions prior to 1.21.0: Upgrade to version 1.21.0 or later.
Vault Enterprise versions prior to 1.21.0: Upgrade to version 1.21.0 or later.