PT-2025-43549 · HashiCorp · Vault Enterprise

Toni Tauro · Published 2025-10-23 · Updated 2025-11-29

CVE-2025-12044

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions

HashiCorp Vault versions prior to 1.16.27
HashiCorp Vault Enterprise versions prior to 1.16.27
HashiCorp Vault versions prior to 1.19.11
HashiCorp Vault Enterprise versions prior to 1.19.11
HashiCorp Vault versions prior to 1.20.5
HashiCorp Vault Enterprise versions prior to 1.20.5
HashiCorp Vault versions prior to 1.21.0
HashiCorp Vault Enterprise versions prior to 1.21.0

Description

HashiCorp Vault and Vault Enterprise are susceptible to an unauthenticated denial-of-service condition when handling JSON payloads. The issue is a regression of an earlier fix: JSON payloads are once again processed before rate limits are applied. An unauthenticated attacker can send specially crafted JSON payloads and potentially cause a service outage.

Recommendations

Vault versions prior to 1.16.27: Upgrade to version 1.16.27 or later.
Vault Enterprise versions prior to 1.16.27: Upgrade to version 1.16.27 or later.
Vault versions prior to 1.19.11: Upgrade to version 1.19.11 or later.
Vault Enterprise versions prior to 1.19.11: Upgrade to version 1.19.11 or later.
Vault versions prior to 1.20.5: Upgrade to version 1.20.5 or later.
Vault Enterprise versions prior to 1.20.5: Upgrade to version 1.20.5 or later.
Vault versions prior to 1.21.0: Upgrade to version 1.21.0 or later.
Vault Enterprise versions prior to 1.21.0: Upgrade to version 1.21.0 or later.

Fix

DoS

Weakness Enumeration

Allocation of Resources Without Limits

Related Identifiers

BDU:2025-13410
BIT-VAULT-2025-12044
CVE-2025-12044
GHSA-VP5W-XCFC-73WF
GO-2025-4071
OPENSUSE-SU-2025:15710-1

Affected Products

Red Os
Vault
Vault Enterprise