PT-2025-31662 · HashiCorp · Vault Enterprise
Yarden Porat · Published 2025-08-01 · Updated 2025-09-05
CVE-2025-6014
CVSS v2.0 base score: 6.8 (Medium)
| Vector | AV:N/AC:L/Au:S/C:C/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Vault versions prior to 1.20.1
Vault Enterprise versions prior to 1.20.1
Vault Enterprise 1.19.x versions prior to 1.19.7
Vault Enterprise 1.18.x versions prior to 1.18.12
Vault Enterprise 1.16.x versions prior to 1.16.23
Description
The Time-based One-Time Password (TOTP) Secrets Engine in Vault and Vault Enterprise is susceptible to code reuse within a code's validity period because of a flaw in the code validation endpoint (`totp/code/:name`). A TOTP code is meant to be accepted at most once; on affected versions a code that has already been validated successfully can be submitted again and is accepted for as long as it remains inside the validity window. An attacker who observes or intercepts a code, and who holds a Vault token permitted to call the validation endpoint (hence Au:S in the vector), can therefore reuse it instead of being limited to a single use.
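To make the weakness concrete, the following is an added example written for this page, not HashiCorp's code: a minimal RFC 6238 verifier in two variants. `ReusableCodeValidator` accepts any code inside the acceptance window however many times it is submitted, which is the behaviour the advisory describes; `SingleUseValidator` records which time step has already produced an accepted code for each key and refuses it again, as RFC 6238 section 5.2 requires. The key name `my-key`, the `period`/`skew` parameters and the `demo()` helper are assumptions for illustration; the secret and timestamps are the RFC 4226/6238 test vectors so the output is deterministic.

```python
"""Added example (not Vault's code): RFC 6238 TOTP validation with and
without single-use enforcement, modelled on a per-key totp/code/:name call."""
import hashlib
import hmac
import struct

# Constructed input: the RFC 4226 / RFC 6238 test secret (ASCII digits).
TEST_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, period: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP evaluated at the current time step."""
    return hotp(secret, unix_time // period, digits)


class ReusableCodeValidator:
    """Weak behaviour: a code is accepted every time it is submitted while it
    still falls inside the window of (2 * skew + 1) time steps."""

    def __init__(self, period: int = 30, skew: int = 1):
        self.period, self.skew = period, skew
        self.keys: dict[str, bytes] = {}  # key name -> shared secret

    def add_key(self, name: str, secret: bytes) -> None:
        self.keys[name] = secret

    def _matching_step(self, name: str, code: str, now: int):
        """Return the time step whose code matches, or None (constant-time compare)."""
        step = now // self.period
        for candidate in range(step - self.skew, step + self.skew + 1):
            if hmac.compare_digest(hotp(self.keys[name], candidate), code):
                return candidate
        return None

    def validate(self, name: str, code: str, now: int) -> bool:
        return self._matching_step(name, code, now) is not None


class SingleUseValidator(ReusableCodeValidator):
    """Hardened form: remember, per key, the time steps already consumed and
    reject any further code for those steps (RFC 6238 section 5.2)."""

    def __init__(self, period: int = 30, skew: int = 1):
        super().__init__(period, skew)
        self.used: dict[str, set[int]] = {}

    def validate(self, name: str, code: str, now: int) -> bool:
        step = self._matching_step(name, code, now)
        if step is None:
            return False
        used = self.used.setdefault(name, set())
        # Forget steps that can no longer fall inside the acceptance window.
        oldest_live = now // self.period - self.skew
        used.difference_update({s for s in used if s < oldest_live})
        if step in used:
            return False  # reuse or replay of an already-accepted step
        used.add(step)
        return True


def demo() -> dict[str, list[bool]]:
    """Submit one code twice, replay it after the step rolls over, then send the fresh code."""
    results = {}
    for label, cls in (("reusable", ReusableCodeValidator), ("single_use", SingleUseValidator)):
        validator = cls()
        validator.add_key("my-key", TEST_SECRET)      # assumed key name
        first = totp(TEST_SECRET, 59)                 # time step 1 -> "287082"
        second = totp(TEST_SECRET, 60)                # time step 2 -> "359152"
        results[label] = [
            validator.validate("my-key", first, 59),   # legitimate first use
            validator.validate("my-key", first, 59),   # immediate reuse
            validator.validate("my-key", first, 60),   # replay after rollover, still within skew
            validator.validate("my-key", second, 60),  # fresh code for the new step
        ]
    return results


if __name__ == "__main__":
    for label, outcome in demo().items():
        print(f"{label:10s} {outcome}")
```

`demo()` returns `[True, True, True, True]` for the reusable validator and `[True, False, False, True]` for the single-use one: the second and third submissions are exactly the reuse and replay the advisory describes. To check a live Vault the same way, generate a code with `vault read totp/code/<name>` (or from the enrolled authenticator), then run `vault write totp/code/<name> code=<code>` twice within the same 30-second window; on an affected version both calls report `valid true`, and on a fixed version the second submission must not be accepted as valid.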
Recommendations
Update Vault to version 1.20.1 or later.
Update Vault Enterprise to version 1.20.1 or later.
Update Vault Enterprise 1.19.x to version 1.19.7 or later.
Update Vault Enterprise 1.18.x to version 1.18.12 or later.
Update Vault Enterprise 1.16.x to version 1.16.23 or later.
Weakness
Improper Authentication (CWE-287)
Affected Products
RED OS
Vault
Vault Enterprise