VDB

CVE-2025-12044

CVE-2025-12044 PUBLISHED

Vault and Vault Enterprise (“Vault”) are vulnerable to an unauthenticated denial of service when processing JSON payloads. This occurs due to a regression from a previous fix for [+HCSEC-2025-24+|https://discuss.hashicorp.com/t/hcsec-2025-24-vault-denial-of-service-though-complex-json-payloads/76393]  which allowed for processing JSON payloads before applying rate limits. This vulnerability, CVE-2025-12044, is fixed in Vault Community Edition 1.21.0 and Vault Enterprise 1.16.27, 1.19.11, 1.20.5, and 1.21.0.

EPSS 0.30% · 54.1th percentile

Risk Scores

EPSS Score
0.30%
54.1th percentile

Affected Products

VendorProductVersions
Bitnamivault0.6.0, 1.17.0, 1.20.0
Bitnamivault0.6.0, 1.17.0, 1.20.0

Timeline

  • Oct 23, 2025 CVE Published
  • Oct 23, 2025 Coalition ESS Score
  • Oct 24, 2025 EPSS Score
  • Oct 25, 2025 Coalition ESS Score
  • Oct 25, 2025 PoC Published
  • Oct 27, 2025 Coalition ESS Score
  • Oct 27, 2025 PoC Published
  • Oct 28, 2025 PoC Published
  • Oct 30, 2025 EPSS Score
  • Oct 30, 2025 Coalition ESS Score
  • Nov 5, 2025 EPSS Score
  • Nov 8, 2025 Coalition ESS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›