PT-2025-31679 · Hashicorp · Vault Enterprise

Yarden Porat · Published 2025-08-01 · Updated 2025-10-01 · CVE-2025-6011

CVSS v3.1: 3.7 (Low)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Vault versions prior to 1.20.1
Vault Enterprise versions prior to 1.20.1
Vault Enterprise 1.19.x versions prior to 1.19.7
Vault Enterprise 1.18.x versions prior to 1.18.12
Vault Enterprise 1.16.x versions prior to 1.16.23

Description
A timing side channel in the userpass authentication method allowed an unauthenticated attacker to distinguish login attempts against existing usernames from attempts against non-existent ones, enabling enumeration of valid usernames. The attacker learns only whether a username exists, not its password; the CVSS vector rates attack complexity as high because the timing difference has to be measured reliably over the network. Username enumeration matters mainly as a precursor to password guessing against the userpass login endpoint, so the upgrade should be paired with rate limiting or lockout on that endpoint.

Recommendations
Update Vault to version 1.20.1 or later.
Update Vault Enterprise to version 1.20.1 or later (1.20.x), 1.19.7 or later (1.19.x), 1.18.12 or later (1.18.x), or 1.16.23 or later (1.16.x).
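The general shape of this class of bug, as an added illustration (this is not Vault's userpass code and does not reproduce the exact defect or fix in Vault): a login handler that returns early when the username is unknown skips the expensive password hash, so unknown usernames answer measurably faster than known ones with a wrong password. The hardened variant always pays the hash cost by comparing against a dummy record and forces the result to false for unknown users. The user table, the salts, and `slowHash` (a cheap stand-in for bcrypt built on iterated SHA-256) are constructed for the example.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
	"sort"
	"time"
)

// hashIterations makes slowHash expensive enough that skipping it is
// measurable. slowHash is a stand-in for a real password hash such as bcrypt;
// none of this is Vault's userpass code.
const hashIterations = 50_000

// slowHash derives a 32-byte digest by repeatedly hashing password||salt.
func slowHash(password string, salt []byte) []byte {
	h := sha256.Sum256(append([]byte(password), salt...))
	for i := 0; i < hashIterations; i++ {
		h = sha256.Sum256(h[:])
	}
	return h[:]
}

type credential struct {
	salt []byte
	hash []byte
}

// users is a constructed user table with a single real account.
var users = map[string]credential{
	"alice": {salt: []byte("salt-alice"), hash: slowHash("correct horse", []byte("salt-alice"))},
}

// dummyCred is a throwaway record so that unknown usernames pay the same
// hashing cost as known ones.
var dummyCred = credential{
	salt: []byte("dummy-salt"),
	hash: slowHash("not-a-real-password", []byte("dummy-salt")),
}

// vulnerableLogin returns before hashing when the user does not exist, so an
// unknown username is answered much faster than a known one with a wrong
// password. That gap is the side channel.
func vulnerableLogin(user, password string) bool {
	cred, ok := users[user]
	if !ok {
		return false // fast path: no hash computed
	}
	return subtle.ConstantTimeCompare(slowHash(password, cred.salt), cred.hash) == 1
}

// hardenedLogin always computes the hash; unknown users are compared against
// dummyCred and the result is forced to false regardless of the comparison.
func hardenedLogin(user, password string) bool {
	cred, ok := users[user]
	if !ok {
		cred = dummyCred
	}
	match := subtle.ConstantTimeCompare(slowHash(password, cred.salt), cred.hash) == 1
	return ok && match
}

// medianLoginTime calls fn rounds times and returns the median wall-clock
// duration, which is what an attacker measuring responses would look at.
func medianLoginTime(fn func(string, string) bool, user, password string, rounds int) time.Duration {
	samples := make([]time.Duration, rounds)
	for i := range samples {
		start := time.Now()
		fn(user, password)
		samples[i] = time.Since(start)
	}
	sort.Slice(samples, func(i, j int) bool { return samples[i] < samples[j] })
	return samples[len(samples)/2]
}

func main() {
	variants := []struct {
		name string
		fn   func(string, string) bool
	}{
		{"vulnerable", vulnerableLogin},
		{"hardened", hardenedLogin},
	}
	for _, v := range variants {
		known := medianLoginTime(v.fn, "alice", "wrong password", 5)
		unknown := medianLoginTime(v.fn, "mallory", "wrong password", 5)
		fmt.Printf("%-10s known user: %v   unknown user: %v\n", v.name, known, unknown)
	}
}
```

Running it prints the vulnerable variant answering the unknown user in well under a microsecond and the known user in milliseconds, while the hardened variant takes the same order of time for both. The same measurement applied to a real login endpoint over the network is noisier, which is why the vector carries AC:H; the check a defender wants is that the two medians are statistically indistinguishable after the upgrade.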

Fix

Side Channel Attack

Weakness Enumeration

Related Identifiers

ALT-PU-2025-12480
ALT-PU-2025-12489
BDU:2025-11264
BIT-VAULT-2025-6011
CVE-2025-6011
GHSA-HH28-H22F-8357
GHSA-MWGR-84FV-3JH9
GO-2025-3839
GO-2025-3854
OPENSUSE-SU-2025:15434-1
OPENSUSE-SU-2025:15460-1
SUSE-SU-2025:02912-1

Affected Products

Alt Linux
Red OS
Vault
Vault Enterprise