Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2025-4656

Опубликовано: 25 июн. 2025
Источник: redhat
CVSS3: 3.1
EPSS Низкий

Описание

Vault Community and Vault Enterprise rekey and recovery key operations can lead to a denial of service due to uncontrolled cancellation by a Vault operator. This vulnerability (CVE-2025-4656) has been remediated in Vault Community Edition 1.20.0 and Vault Enterprise 1.20.0, 1.19.6, 1.18.11, 1.17.17, and 1.16.22.

A key handling flaw has been discovered in Vault. The rekey and recovery key operations may lead to a denial of service in the vault application due to uncontrolled cancellations of these operations.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
cert-manager Operator for Red Hat OpenShiftcert-manager/cert-manager-operator-rhel9Fix deferred
Red Hat Openshift Data Foundation 4odf4/cephcsi-rhel9Fix deferred
Red Hat Openshift Data Foundation 4odf4/mcg-cli-rhel9Fix deferred
Red Hat Openshift Data Foundation 4odf4/mcg-rhel9-operatorFix deferred
Red Hat Openshift Data Foundation 4odf4/odf-cli-rhel9Fix deferred
Red Hat Trusted Artifact Signerrhtas/client-server-rhel9Fix deferred
Red Hat Trusted Artifact Signerrhtas/fulcio-rhel9Fix deferred

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-1088
https://bugzilla.redhat.com/show_bug.cgi?id=2374792github.com/hashicorp/vault: Vault Denial of Service

EPSS

Процентиль: 1%
0.00013
Низкий

3.1 Low

CVSS3

Связанные уязвимости

nvd логотип

CVE-2025-4656

CVSS3: 3.1
nvd
около 2 месяцев назад

Vault Community and Vault Enterprise rekey and recovery key operations can lead to a denial of service due to uncontrolled cancellation by a Vault operator. This vulnerability (CVE-2025-4656) has been remediated in Vault Community Edition 1.20.0 and Vault Enterprise 1.20.0, 1.19.6, 1.18.11, 1.17.17, and 1.16.22.

redos логотип

ROS-20250716-02

CVSS3: 3.1
redos
около 1 месяца назад

Уязвимость vault

github логотип

GHSA-fhc2-8qx8-6vj7

CVSS3: 3.1
github
около 2 месяцев назад

Vault Community Edition rekey and recovery key operations can cause denial of service

fstec логотип

BDU:2025-08610

CVSS3: 3.1
fstec
около 2 месяцев назад

Уязвимость платформ для архивирования корпоративной информации HashiCorp Vault Community Edition и Vault Enterprise, связанная с ошибками управления ресурсами, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 1%
0.00013
Низкий

3.1 Low

CVSS3