VDB
CVE-2025-12044
CVE-2025-12044
PUBLISHED
Vault and Vault Enterprise (“Vault”) are vulnerable to an unauthenticated denial of service when processing JSON payloads. This occurs due to a regression from a previous fix for [+HCSEC-2025-24+|https://discuss.hashicorp.com/t/hcsec-2025-24-vault-denial-of-service-though-complex-json-payloads/76393] which allowed for processing JSON payloads before applying rate limits. This vulnerability, CVE-2025-12044, is fixed in Vault Community Edition 1.21.0 and Vault Enterprise 1.16.27, 1.19.11, 1.20.5, and 1.21.0.
EPSS 0.30% · 54.1th percentile
Risk Scores
EPSS Score
0.30%
54.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | vault | 0.6.0, 1.17.0, 1.20.0 |
| Bitnami | vault | 0.6.0, 1.17.0, 1.20.0 |
Timeline
- Oct 23, 2025 CVE Published
- Oct 23, 2025 Coalition ESS Score
- Oct 24, 2025 EPSS Score
- Oct 25, 2025 Coalition ESS Score
- Oct 25, 2025 PoC Published
- Oct 27, 2025 Coalition ESS Score
- Oct 27, 2025 PoC Published
- Oct 28, 2025 PoC Published
- Oct 30, 2025 EPSS Score
- Oct 30, 2025 Coalition ESS Score
- Nov 5, 2025 EPSS Score
- Nov 8, 2025 Coalition ESS Score