PT-2025-26854 · Hashicorp+1 · Vault Community+2

Alex Scheel · Published 2025-06-25 · Updated 2026-01-22 · CVE-2025-4656

CVSS v3.1: 3.1 (Low)
Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
Name of the Vulnerable Software and Affected Versions: Vault Community and Vault Enterprise versions prior to 1.20.0; Vault Enterprise versions prior to 1.19.6, 1.18.11, 1.17.17, and 1.16.22
Description: A Vault operator can cancel rekey and recovery key operations in an uncontrolled way, leading to a denial of service.
Recommendations: For Vault Community Edition, update to version 1.20.0 or later. For Vault Enterprise, update to version 1.20.0, 1.19.6, 1.18.11, 1.17.17, or 1.16.22 or later. As a temporary workaround, consider restricting access to rekey and recovery key operations to minimize the risk of exploitation.

Fix

DoS


Weakness Enumeration

Related Identifiers

BDU:2025-08610
BIT-VAULT-2025-4656
CVE-2025-4656
GHSA-FHC2-8QX8-6VJ7
GO-2025-3788
OPENSUSE-SU-2025:15254-1
OPENSUSE-SU-2025:15405-1

Affected Products

Red Os
Vault Community
Vault Enterprise