PT-2025-32152 · Hashicorp+1 · Vault Enterprise+2

Yarden Porat · Published 2025-08-06 · Updated 2026-05-24 · CVE-2025-6013

CVSS v2.0: 8.5 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:N

Name of the Vulnerable Software and Affected Versions

Vault versions prior to 1.20.2
Vault Enterprise versions prior to 1.20.2
Vault Enterprise version 1.19.8
Vault Enterprise version 1.18.13
Vault Enterprise version 1.16.24

Description

The LDAP authentication method in Vault and Vault Enterprise may not have correctly enforced multi-factor authentication (MFA) when username_as_alias was set to true and a user had multiple Common Names (CNs) that were equal but contained leading or trailing spaces.

Recommendations

Upgrade to Vault Community Edition version 1.20.2 or later.
Upgrade to Vault Enterprise version 1.20.2 or later.
Upgrade to Vault Enterprise version 1.19.8.
Upgrade to Vault Enterprise version 1.18.13.
Upgrade to Vault Enterprise version 1.16.24.

Related Identifiers

BDU:2025-09582
BIT-VAULT-2025-6013
CVE-2025-6013
GHSA-2Q8Q-8FGW-9P6P
GHSA-7RX2-769V-HRWF
GO-2025-3848
GO-2025-3859
OPENSUSE-SU-2025:15434-1
OPENSUSE-SU-2025:15460-1
SUSE-SU-2025:02912-1

Affected Products

Red Os
Vault
Vault Enterprise