exploitDog

CVE-2025-6004

Опубликовано: 01 авг. 2025

Источник: nvd

CVSS3: 5.3

EPSS Низкий

Описание

Vault and Vault Enterprise’s (“Vault”) user lockout feature could be bypassed for Userpass and LDAP authentication methods. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23.

Ссылки

https://discuss.hashicorp.com/t/hcsec-2025-16-vault-userpass-and-ldap-user-lockout-bypass/76035

EPSS

Процентиль: 11%

0.00039

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-307

Связанные уязвимости

CVE-2025-6004

CVSS3: 5.3

redhat

5 дней назад

Vault and Vault Enterprise’s (“Vault”) user lockout feature could be bypassed for Userpass and LDAP authentication methods. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23.

GHSA-qgj7-fmq2-6cc4

CVSS3: 5.3

github

5 дней назад

Hashicorp Vault has Lockout Feature Authentication Bypass

EPSS

Процентиль: 11%

0.00039

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-307