CVE-2025-6004

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-6004

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-6004.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-6004

Aliases

BIT-vault-2025-6004
GHSA-qgj7-fmq2-6cc4
GO-2025-3840

Downstream

MINI-mxhx-w778-v787

Published

2025-08-01T18:15:56Z

Modified

2025-08-13T20:32:14Z

Summary

[none]

Details

Vault and Vault Enterprise’s (“Vault”) user lockout feature could be bypassed for Userpass and LDAP authentication methods. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23.

References

https://discuss.hashicorp.com/t/hcsec-2025-16-vault-userpass-and-ldap-user-lockout-bypass/76035

Affected packages

Git / github.com/hashicorp/vault

Affected ranges

Type: GIT
Repo: https://github.com/hashicorp/vault
Events: Introduced

a4cf0dc4437de35fce4860857b64569d092a9b5a

Fixed

b403b1a27c8db6038ffefb296d7be0962e08039d