Vault Userpass and LDAP User Lockout Bypass_CVE-2025-6004

5.3 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Description

Vault and Vault Enterprise’s (“Vault”) user lockout feature could be bypassed for Userpass and LDAP authentication methods. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23.

Basic Information

ID CVE-2025-6004

Source HashiCorp

Published Aug 1, 2025 at 17:56

Modified Aug 1, 2025 at 19:11

Affected Product

Vendor HashiCorp

Product Vault

Version 1.13.0

Affected Versions HashiCorp Vault 1.13.0
HashiCorp Vault Enterprise 1.13.0

CWE Classification

CWE-307

References

discuss.hashicorp.com /t/hcsec-2025-16-vault-userpass-and-ldap-user-lockout-bypass/76035

{
    "lastseen": "",
    "description": "Vault and Vault Enterprise\u2019s (\u201cVault\u201d) user lockout feature could be bypassed for Userpass and LDAP authentication methods. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23.",
    "published": "2025-08-01T17:56:00.780Z",
    "modified": "2025-08-01T19:11:52.729Z",
    "type": "cve",
    "title": "Vault Userpass and LDAP User Lockout Bypass",
    "source": "HashiCorp",
    "references": "https://discuss.hashicorp.com/t/hcsec-2025-16-vault-userpass-and-ldap-user-lockout-bypass/76035",
    "id": "CVE-2025-6004",
    "bulletinFamily": "",
    "cwe": [
        "CWE-307"
    ],
    "cvelist": null,
    "sourceData": "HashiCorp Vault 1.13.0\nHashiCorp Vault Enterprise 1.13.0",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Vault",
    "version": "1.13.0",
    "vendor": "HashiCorp",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}