CNNVD-202506-3133 Information

Jun 25, 2025 cve

CNNVD ID

CNNVD-202506-3133

CVE-2025-4656

  • CNNVD Published: 2025-06-25

Description (Chinese)

HashiCorp Vault Enterprise和HashiCorp Vault Community都是美国HashiCorp公司的产品。HashiCorp Vault Enterprise是一个企业信息归档平台。HashiCorp Vault Community是一款密钥管理引擎。用来集中存储集群运行过程中所需要的秘密信息。 HashiCorp Vault Enterprise和HashiCorp Vault Community存在安全漏洞,该漏洞源于操作员取消操作可能导致拒绝服务。

Description (English)

HashiCorp Vault Enterprise and HashiCorp Vault Community are products of the United States company HashiCorp. HashiCorp Vault Enterprise is a corporate information archiving platform. HashiCorpVault Community is a key management engine. It is used to centralize confidential information required in the operation of the cluster. There is a security loophole in HashiCorpVault Enterprise and HasiCorpVault Community, which stems from the fact that the operator ’ s cancellation may result in the denial of services.

Hazard Level

Critical

Vulnerability Type

其他

Affected Vendor

HashiCorp

Published

2025-06-25

Last Modified

2026-02-24

References

https://discuss.hashicorp.com/t/hcsec-2025-11-vault-vulnerable-to-recovery-key-cancellation-denial-of-service/75570 https://access.redhat.com/security/cve/cve-2025-4656 https://nvd.nist.gov/vuln/detail/CVE-2025-4656

Patch

https://discuss.hashicorp.com/t/hcsec-2025-11-vault-vulnerable-to-recovery-key-cancellation-denial-of-service/75570

Share on: