CVE-2025-4656 — Vulnetix

CVE-2025-4656 PUBLISHED

Vault Community and Vault Enterprise rekey and recovery key operations can lead to a denial of service due to uncontrolled cancellation by a Vault operator. This vulnerability (CVE-2025-4656) has been remediated in Vault Community Edition 1.20.0 and Vault Enterprise 1.20.0, 1.19.6, 1.18.11, 1.17.17, and 1.16.22.

EPSS 0.10% · 27.7th percentile

Risk Scores

EPSS Score

0.10%

27.7th percentile

Affected Products

Vendor	Product	Versions
Bitnami	vault	1.14.8
Bitnami	vault	1.14.8

Timeline

Jun 25, 2025 CVE Published
Jun 25, 2025 CVE Updated
Jun 26, 2025 EPSS Score
Jun 26, 2025 Coalition ESS Score
Jul 6, 2025 EPSS Score
Jul 16, 2025 EPSS Score
Jul 26, 2025 EPSS Score
Aug 5, 2025 EPSS Score
Aug 13, 2025 Coalition ESS Score
Aug 15, 2025 EPSS Score
Aug 22, 2025 Coalition ESS Score
Aug 25, 2025 EPSS Score

References

https://discuss.hashicorp.com/t/hcsec-2025-11-vault-vulnerable-to-recovery-key-cancellation-denial-of-service/75570 url
https://nvd.nist.gov/vuln/detail/CVE-2025-4656 url

Open in Interactive Console →