CVE-2025-6004 Information

Description

Vault and Vault Enterprise’s (“Vault”) user lockout feature could be bypassed for Userpass and LDAP authentication methods. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1 1.19.7 1.18.12 and 1.16.23.

Reference

https://discuss.hashicorp.com/t/hcsec-2025-16-vault-userpass-and-ldap-user-lockout-bypass/76035

Related CNNVD

CNNVD-202508-077 (Published: 2025-08-01)