LOW🇬🇧 English

CVE-2025-4656

CVSS 3.1v3.1pub. 2025-06-25upd. 2025-08-13

Vault Community and Vault Enterprise rekey and recovery key operations can lead to a denial of service due to uncontrolled cancellation by a Vault operator. This vulnerability (CVE-2025-4656) has been remediated in Vault Community Edition 1.20.0 and Vault Enterprise 1.20.0, 1.19.6, 1.18.11, 1.17.17, and 1.16.22.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
  • Hashicorp Vault

    APP
    Hashicorp
    1.14.8 – 1.16.22 (bez)1.14.8 – 1.20.0 (bez)1.17.0 – 1.17.17 (bez)1.18.0 – 1.18.11 (bez)1.19.0 – 1.19.6 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
DoS
CWE
Referencje

Powiązane podatności

CVE-2025-6000CRITICAL9.1PL ✓ten sam produkt

HashiCorp Vault: RCE przez uprzywilejowanego operatora via sys/audit

CVE-2022-40186CRITICAL9.1ten sam produkt

An issue was discovered in HashiCorp Vault and Vault Enterprise before 1.11.3. A vulnerability in the Identity...

CVE-2022-36129CRITICAL9.1ten sam produkt

HashiCorp Vault Enterprise 1.7.0 through 1.9.7, 1.10.4, and 1.11.0 clusters using Integrated Storage expose an...

CVE-2020-35192CRITICAL9.8ten sam produkt

The official vault docker images before 0.11.6 contain a blank password for a root user. System using the vaul...

CVE-2020-12757CRITICAL9.8ten sam produkt

HashiCorp Vault and Vault Enterprise 1.4.0 and 1.4.1, when configured with the GCP Secrets Engine, may incorre...