CVE-2025-6014

Source
https://cve.org/CVERecord?id=CVE-2025-6014
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-6014.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-6014
Aliases
Downstream
Related
Published
2025-08-01T17:50:09.308Z
Modified
2026-07-15T02:16:02.366969630Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
Vault TOTP Secrets Engine Code Reuse
Details

Vault and Vault Enterprise’s (“Vault”) TOTP Secrets Engine code validation endpoint is susceptible to code reuse within its validity period. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/6xxx/CVE-2025-6014.json",
    "cwe_ids": [
        "CWE-156"
    ],
    "cna_assigner": "HashiCorp"
}
References

Affected packages

Git / github.com/hashicorp/vault

Affected ranges

Type
GIT
Repo
https://github.com/hashicorp/vault
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Introduced
Last affected
Database specific
{
    "cpe": [
        "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*",
        "cpe:2.3:a:hashicorp:vault:1.20.0:*:*:*:enterprise:*:*:*"
    ],
    "source": [
        "CPE_RANGE",
        "CPE_STRING"
    ],
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.20.1"
        },
        {
            "introduced": "1.20.0"
        },
        {
            "last_affected": "1.20.0"
        }
    ]
}

Affected versions

1.*
1.20.0
v1.*
v1.20.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-6014.json"