Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-vp5w-xcfc-73wf

Опубликовано: 23 окт. 2025
Источник: github
Github: Прошло ревью
CVSS3: 7.5

Описание

Hashicorp Vault and Vault Enterprise vulnerable to a denial of service when processing JSON

Vault and Vault Enterprise ("Vault") are vulnerable to an unauthenticated denial of service when processing JSON payloads. This occurs due to a regression from a previous fix for [+HCSEC-2025-24+|https://discuss.hashicorp.com/t/hcsec-2025-24-vault-denial-of-service-though-complex-json-payloads/76393]  which allowed for processing JSON payloads before applying rate limits. This vulnerability, CVE-2025-12044, is fixed in Vault Community Edition 1.21.0 and Vault Enterprise 1.16.27, 1.19.11, 1.20.5, and 1.21.0.

Ссылки

Пакеты

Наименование

github.com/hashicorp/vault

go
Затронутые версииВерсия исправления

>= 1.20.3, < 1.21.0

1.21.0

EPSS

Процентиль: 40%
0.00185
Низкий

7.5 High

CVSS3

CVE ID

CVE-2025-12044

Дефекты

CWE-770

Связанные уязвимости

redhat логотип

CVE-2025-12044

CVSS3: 7.5
redhat
5 месяцев назад

Vault and Vault Enterprise (“Vault”) are vulnerable to an unauthenticated denial of service when processing JSON payloads. This occurs due to a regression from a previous fix for [+HCSEC-2025-24+|https://discuss.hashicorp.com/t/hcsec-2025-24-vault-denial-of-service-though-complex-json-payloads/76393]  which allowed for processing JSON payloads before applying rate limits. This vulnerability, CVE-2025-12044, is fixed in Vault Community Edition 1.21.0 and Vault Enterprise 1.16.27, 1.19.11, 1.20.5, and 1.21.0.

nvd логотип

CVE-2025-12044

CVSS3: 7.5
nvd
5 месяцев назад

Vault and Vault Enterprise (“Vault”) are vulnerable to an unauthenticated denial of service when processing JSON payloads. This occurs due to a regression from a previous fix for [+HCSEC-2025-24+|https://discuss.hashicorp.com/t/hcsec-2025-24-vault-denial-of-service-though-complex-json-payloads/76393]  which allowed for processing JSON payloads before applying rate limits. This vulnerability, CVE-2025-12044, is fixed in Vault Community Edition 1.21.0 and Vault Enterprise 1.16.27, 1.19.11, 1.20.5, and 1.21.0.

fstec логотип

BDU:2025-13410

CVSS3: 7.5
fstec
5 месяцев назад

Уязвимость системы контроля доступом Vault и платформы для архивирования корпоративной информации Vault Enterprise, связанная с неограниченным распределением ресурсов, позволяющая нарушителю вызвать отказ в обслуживании

redos логотип

ROS-20251128-03

CVSS3: 8.1
redos
4 месяца назад

Множественные уязвимости vault

EPSS

Процентиль: 40%
0.00185
Низкий

7.5 High

CVSS3

CVE ID

CVE-2025-12044

Дефекты

CWE-770