GHSA-8f82-53h8-2p34
Suggest an improvement- Source
- https://github.com/advisories/GHSA-8f82-53h8-2p34
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/08/GHSA-8f82-53h8-2p34/GHSA-8f82-53h8-2p34.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-8f82-53h8-2p34
- Aliases
-
- BIT-vault-2025-6203
- CVE-2025-6203
- Downstream
- Related
- Published
- 2025-08-28T21:31:26Z
- Modified
- 2025-08-30T09:56:57.768354Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- HashiCorp Vault Community Edition Denial of Service Though Complex JSON Payloads
- Details
-
A malicious user may submit a specially-crafted complex payload that otherwise meets the default request size limit which results in excessive memory and CPU consumption of Vault. This may lead to a timeout in Vault’s auditing subroutine, potentially resulting in the Vault server to become unresponsive. This vulnerability, CVE-2025-6203, is fixed in Vault Community Edition 1.20.3 and Vault Enterprise 1.20.3, 1.19.9, 1.18.14, and 1.16.25.
- Database specific
{ "github_reviewed": true, "cwe_ids": [ "CWE-770" ], "severity": "HIGH", "nvd_published_at": "2025-08-28T20:15:43Z", "github_reviewed_at": "2025-08-29T16:22:47Z" }- References
Affected packages
Go / github.com/hashicorp/vault
Package
- Name
- github.com/hashicorp/vault
- View open source insights on deps.dev
- Purl
- pkg:golang/github.com/hashicorp/vault