GHSA-vp5w-xcfc-73wf

Опубликовано: 23 окт. 2025

Источник: github

Github: Прошло ревью

CVSS3: 7.5

Описание

Hashicorp Vault and Vault Enterprise vulnerable to a denial of service when processing JSON

Vault and Vault Enterprise ("Vault") are vulnerable to an unauthenticated denial of service when processing JSON payloads. This occurs due to a regression from a previous fix for [+HCSEC-2025-24+|https://discuss.hashicorp.com/t/hcsec-2025-24-vault-denial-of-service-though-complex-json-payloads/76393] which allowed for processing JSON payloads before applying rate limits. This vulnerability, CVE-2025-12044, is fixed in Vault Community Edition 1.21.0 and Vault Enterprise 1.16.27, 1.19.11, 1.20.5, and 1.21.0.

Ссылки

Пакеты

Наименование

github.com/hashicorp/vault

Затронутые версииВерсия исправления

>= 1.20.3, < 1.21.0

1.21.0

EPSS

Процентиль: 22%

0.00071

Низкий

7.5 High

CVSS3

CVE ID

CVE-2025-12044

Дефекты

CWE-770

Связанные уязвимости

CVE-2025-12044

CVSS3: 7.5

nvd

10 дней назад

Vault and Vault Enterprise (“Vault”) are vulnerable to an unauthenticated denial of service when processing JSON payloads. This occurs due to a regression from a previous fix for [+HCSEC-2025-24+|https://discuss.hashicorp.com/t/hcsec-2025-24-vault-denial-of-service-though-complex-json-payloads/76393] which allowed for processing JSON payloads before applying rate limits. This vulnerability, CVE-2025-12044, is fixed in Vault Community Edition 1.21.0 and Vault Enterprise 1.16.27, 1.19.11, 1.20.5, and 1.21.0.

BDU:2025-13410

CVSS3: 7.5

fstec

11 дней назад

Уязвимость системы контроля доступом Vault и платформы для архивирования корпоративной информации Vault Enterprise, связанная с неограниченным распределением ресурсов, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 22%

0.00071

Низкий

7.5 High

CVSS3

CVE ID

CVE-2025-12044

Дефекты

CWE-770