CVE-2025-6015

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-6015
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-6015.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-6015
Aliases
Downstream
Related
Published
2025-08-01T18:15:57.010Z
Modified
2026-03-23T05:01:51.201657483Z
Severity
  • 5.7 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

Vault and Vault Enterprise’s (“Vault”) login MFA rate limits could be bypassed and TOTP tokens could be reused. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23.

References

Affected packages

Git / github.com/hashicorp/vault

Affected ranges

Type
GIT
Repo
https://github.com/hashicorp/vault
Events
Introduced
7738ec5d0d6f5bf94a809ee0f6ff0142cfa525a6
Fixed
b403b1a27c8db6038ffefb296d7be0962e08039d
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
6fdd6b59e97d97a9e19b0fb5304bf879c190295e
Database specific 
{
    "versions": [
        {
            "introduced": "1.10.0"
        },
        {
            "fixed": "1.20.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.20.0"
        }
    ]
}

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-6015.json"
unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "1.10.0"
            },
            {
                "fixed": "1.16.23"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "1.17.0"
            },
            {
                "fixed": "1.18.12"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "1.19.0"
            },
            {
                "fixed": "1.19.7"
            }
        ]
    }
]