VDB
CISA-2025-6014
CISA-2025-6014
PUBLISHED
CVSS 6.5 MEDIUM
Reported by HashiCorp · Published August 1, 2025
Vault and Vault Enterprise’s (“Vault”) TOTP Secrets Engine code validation endpoint is susceptible to code reuse within its validity period. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23.
Risk Scores
CVSS 3.1
6.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| HashiCorp | Vault | 0 |
| HashiCorp | Vault Enterprise | 0 |
| HashiCorp | Vault | 0, 0 |
| HashiCorp | Vault Enterprise | 0, 0 |
Timeline
- Aug 1, 2025 CVE Published
- Aug 1, 2025 CVE Updated