CNNVD-202508-3295 Information
CNNVD ID
CNNVD-202508-3295
Related CVE
- CNNVD Published: 2025-08-28
Description (Chinese)
HashiCorp Vault Enterprise和HashiCorp Vault Community Edition都是美国HashiCorp公司的产品。HashiCorp Vault Enterprise是一个企业信息归档平台。HashiCorp Vault Community Edition是一款密钥管理工具。 HashiCorp Vault Enterprise和HashiCorp Vault Community Edition 1.20.3版本、1.19.9版本、1.18.14版本和1.16.25之前版本存在安全漏洞,该漏洞源于特制负载导致内存和CPU消耗过高,可能导致拒绝服务。以下版本受到影响:
Description (English)
HashiCorpVault Enterprise and HashiCorpVault Community Equality are products of the United States company HashiCorp. HashiCorp Vault Enterprise is a corporate information archiving platform. HashiCorpVault Commission is a key management tool. HashiCorpVault Enterprise and HashiCorpVault Commission 1.20.3, 1,19.9, 1,18.14 and previous versions 1.16.25 have security loopholes, which stem from the overconsumption of memory and CPU by ad hoc loads, which may lead to the denial of services. The following versions were affected:
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
HashiCorp
Published
2025-08-28
Last Modified
2026-02-24
References
https://discuss.hashicorp.com/t/hcsec-2025-24-vault-denial-of-service-though-complex-json-payloads/76393 https://nvd.nist.gov/vuln/detail/CVE-2025-6203
Patch
https://developer.hashicorp.com/vault/install
Share on: