Vault and Vault Enterprise’s (“Vault”) user lockout feature could be bypassed for Userpass and LDAP authentication methods. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23.
Metrics
Affected Vendors & Products
| Vendors | Products |
|---|---|
| Hashicorp |
|
No data.
No data.
References
History
Mon, 04 Aug 2025 12:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| References |
| |
| Metrics |
threat_severity
|
threat_severity
|
Mon, 04 Aug 2025 09:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Hashicorp
Hashicorp vault Hashicorp vault Enterprise |
|
| Vendors & Products |
Hashicorp
Hashicorp vault Hashicorp vault Enterprise |
Fri, 01 Aug 2025 19:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Fri, 01 Aug 2025 18:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Vault and Vault Enterprise’s (“Vault”) user lockout feature could be bypassed for Userpass and LDAP authentication methods. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23. | |
| Title | Vault Userpass and LDAP User Lockout Bypass | |
| Weaknesses | CWE-307 | |
| References |
| |
| Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: HashiCorp
Published: 2025-08-01T17:56:00.780Z
Updated: 2025-08-01T19:11:52.729Z
Reserved: 2025-06-11T18:36:41.720Z
Link: CVE-2025-6004
Vulnrichment
Updated: 2025-08-01T19:11:45.772Z
NVD
Status : Awaiting Analysis
Published: 2025-08-01T18:15:56.570
Modified: 2025-08-04T15:06:15.833
Link: CVE-2025-6004
Redhat