CVE-2025-12044 — Vulnetix

Try Vulnetix Request Demo

CVE-2025-12044 PUBLISHED

Vault and Vault Enterprise (“Vault”) are vulnerable to an unauthenticated denial of service when processing JSON payloads. This occurs due to a regression from a previous fix for [+HCSEC-2025-24+|https://discuss.hashicorp.com/t/hcsec-2025-24-vault-denial-of-service-though-complex-json-payloads/76393] which allowed for processing JSON payloads before applying rate limits. This vulnerability, CVE-2025-12044, is fixed in Vault Community Edition 1.21.0 and Vault Enterprise 1.16.27, 1.19.11, 1.20.5, and 1.21.0.

EPSS 0.16% · 36.3th percentile

Risk Scores

EPSS Score

0.16%

36.3th percentile

Affected Products

Vendor	Product	Versions
Bitnami	vault	0.6.0, 1.17.0, 1.20.0
Bitnami	vault	0.6.0, 1.17.0, 1.20.0

Timeline

Oct 23, 2025 CVE Published
Oct 23, 2025 Coalition ESS Score
Oct 24, 2025 EPSS Score
Oct 25, 2025 Coalition ESS Score
Oct 25, 2025 PoC Published
Oct 27, 2025 Coalition ESS Score
Oct 27, 2025 PoC Published
Oct 28, 2025 PoC Published
Oct 29, 2025 EPSS Score
Oct 30, 2025 Coalition ESS Score
Nov 3, 2025 EPSS Score
Nov 8, 2025 Coalition ESS Score

References

Open in Interactive Console →