BIT-vault-2025-6203
See a problem?- Import Source
- https://github.com/bitnami/vulndb/tree/main/data/vault/BIT-vault-2025-6203.json
- JSON Data
- https://api.osv.dev/v1/vulns/BIT-vault-2025-6203
- Aliases
-
- CVE-2025-6203
- GHSA-8f82-53h8-2p34
- GO-2025-3924
- Published
- 2025-08-30T08:51:09.044Z
- Modified
- 2025-09-08T14:59:16.514157Z
- Summary
- Vault unauthenticated denial of service through complex json payload
- Details
-
A malicious user may submit a specially-crafted complex payload that otherwise meets the default request size limit which results in excessive memory and CPU consumption of Vault. This may lead to a timeout in Vault’s auditing subroutine, potentially resulting in the Vault server to become unresponsive. This vulnerability, CVE-2025-6203, is fixed in Vault Community Edition 1.20.3 and Vault Enterprise 1.20.3, 1.19.9, 1.18.14, and 1.16.25.
- Database specific
{ "severity": "High", "cpes": [ "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:go:*:*", "cpe:2.3:a:hashicorp:vault:*:*:*:*:community:go:*:*" ] }- References
Affected packages
Bitnami / vault
Package
- Name
- vault
- Purl
- pkg:bitnami/vault
Severity
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator