Vault Vulnerable to Denial of Service Due to Rate Limit...

7.5 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Description

Vault and Vault Enterprise (“Vault”) are vulnerable to an unauthenticated denial of service when processing JSON payloads. This occurs due to a regression from a previous fix for [+HCSEC-2025-24+|https://discuss.hashicorp.com/t/hcsec-2025-24-vault-denial-of-service-though-complex-json-payloads/76393] which allowed for processing JSON payloads before applying rate limits. This vulnerability, CVE-2025-12044, is fixed in Vault Community Edition 1.21.0 and Vault Enterprise 1.16.27, 1.19.11, 1.20.5, and 1.21.0.

Basic Information

ID CVE-2025-12044

Source HashiCorp

Published Oct 23, 2025 at 19:15

Modified Oct 23, 2025 at 20:00

Affected Product

Vendor HashiCorp

Product Vault

Version 1.20.3

Affected Versions HashiCorp Vault 1.20.3
HashiCorp Vault Enterprise 1.20.3
HashiCorp Vault Enterprise 1.19.9
HashiCorp Vault Enterprise 1.18.14
HashiCorp Vault Enterprise 1.16.25

CWE Classification

CWE-770

References

discuss.hashicorp.com /t/hcsec-2025-31-vault-vulnerable-to-denial-of-service-due-to-rate-limit-regression/76710

{
    "lastseen": "",
    "description": "Vault and Vault Enterprise (\u201cVault\u201d) are vulnerable to an unauthenticated denial of service when processing JSON payloads. This occurs due to a regression from a previous fix for [+HCSEC-2025-24+|https://discuss.hashicorp.com/t/hcsec-2025-24-vault-denial-of-service-though-complex-json-payloads/76393]\u00a0 which allowed for processing JSON payloads before applying rate limits. This vulnerability, CVE-2025-12044, is fixed in Vault Community Edition 1.21.0 and Vault Enterprise 1.16.27, 1.19.11, 1.20.5, and 1.21.0.",
    "published": "2025-10-23T19:15:16.567Z",
    "modified": "2025-10-23T20:00:16.601Z",
    "type": "cve",
    "title": "Vault Vulnerable to Denial of Service Due to Rate Limit Regression",
    "source": "HashiCorp",
    "references": "https://discuss.hashicorp.com/t/hcsec-2025-31-vault-vulnerable-to-denial-of-service-due-to-rate-limit-regression/76710",
    "id": "CVE-2025-12044",
    "bulletinFamily": "",
    "cwe": [
        "CWE-770"
    ],
    "cvelist": null,
    "sourceData": "HashiCorp Vault 1.20.3\nHashiCorp Vault Enterprise 1.20.3\nHashiCorp Vault Enterprise 1.19.9\nHashiCorp Vault Enterprise 1.18.14\nHashiCorp Vault Enterprise 1.16.25",
    "sourceHref": "",
    "cvss": {
        "score": 7.5,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Vault",
    "version": "1.20.3",
    "vendor": "HashiCorp",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Vault Vulnerable to Denial of Service Due to Rate Limit Regression_CVE-2025-12044