Vault TOTP Secrets Engine Code Reuse_CVE-2025-6014

6.5 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Description

Vault and Vault Enterprise’s (“Vault”) TOTP Secrets Engine code validation endpoint is susceptible to code reuse within its validity period. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23.

Basic Information

ID CVE-2025-6014

Source HashiCorp

Published Aug 1, 2025 at 17:50

Modified Aug 1, 2025 at 18:05

Affected Product

Vendor HashiCorp

Product Vault

Affected Versions HashiCorp Vault 0
HashiCorp Vault Enterprise 0

CWE Classification

CWE-156

References

discuss.hashicorp.com /t/hcsec-2025-17-vault-totp-secrets-engine-code-reuse/76036

{
    "lastseen": "",
    "description": "Vault and Vault Enterprise\u2019s (\u201cVault\u201d) TOTP Secrets Engine code validation endpoint is susceptible to code reuse within its validity period. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23.",
    "published": "2025-08-01T17:50:09.308Z",
    "modified": "2025-08-01T18:05:37.553Z",
    "type": "cve",
    "title": "Vault TOTP Secrets Engine Code Reuse",
    "source": "HashiCorp",
    "references": "https://discuss.hashicorp.com/t/hcsec-2025-17-vault-totp-secrets-engine-code-reuse/76036",
    "id": "CVE-2025-6014",
    "bulletinFamily": "",
    "cwe": [
        "CWE-156"
    ],
    "cvelist": null,
    "sourceData": "HashiCorp Vault 0\nHashiCorp Vault Enterprise 0",
    "sourceHref": "",
    "cvss": {
        "score": 6.5,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Vault",
    "version": "0",
    "vendor": "HashiCorp",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}