CVE-2025-6004

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-6004
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-6004.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-6004
Aliases
Downstream
Related
Published
2025-08-01T18:15:56.570Z
Modified
2026-03-23T05:03:18.470757761Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
Summary
[none]
Details

Vault and Vault Enterprise’s (“Vault”) user lockout feature could be bypassed for Userpass and LDAP authentication methods. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23.

References

Affected packages

Git / github.com/hashicorp/vault

Affected ranges

Type
GIT
Repo
https://github.com/hashicorp/vault
Events
Introduced
a4cf0dc4437de35fce4860857b64569d092a9b5a
Fixed
b403b1a27c8db6038ffefb296d7be0962e08039d
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
6fdd6b59e97d97a9e19b0fb5304bf879c190295e
Database specific 
{
    "versions": [
        {
            "introduced": "1.13.0"
        },
        {
            "fixed": "1.20.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.20.0"
        }
    ]
}

Database specific

unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "1.13.0"
            },
            {
                "fixed": "1.16.23"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "1.17.0"
            },
            {
                "fixed": "1.18.12"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "1.19.0"
            },
            {
                "fixed": "1.19.7"
            }
        ]
    }
]
source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-6004.json"