CVE-2025-6203
PUBLISHED
A malicious user may submit a specially crafted complex payload that otherwise meets the default request size limit, resulting in excessive memory and CPU consumption in Vault. This may lead to a timeout in Vault's auditing subroutine, potentially causing the Vault server to become unresponsive. This vulnerability, CVE-2025-6203, is fixed in Vault Community Edition 1.20.3 and Vault Enterprise 1.20.3, 1.19.9, 1.18.14, and 1.16.25.
Risk Scores
EPSS Score: 0.10% (28.0th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | vault | 1.15.0 |
Exploit Intelligence
- CIRCL seen: CVE-2025-6203 (circl-sighting)
- https://discuss.hashicorp.com/t/hcsec-2025-24-vault-denial-of-service-though-complex-json-payloads/76393 (circl)
- image.yaml (github-poc)
…and 4 more exploits
Timeline
- Aug 28, 2025 CVE Published
- Aug 28, 2025 Coalition ESS Score
- Aug 28, 2025 Coalition ESS Score
- Aug 28, 2025 PoC Published
- Aug 29, 2025 CVE Updated
- Aug 29, 2025 EPSS Score
- Sep 1, 2025 Coalition ESS Score
- Sep 2, 2025 PoC Published
- Sep 2, 2025 PoC Published
- Sep 6, 2025 EPSS Score
- Sep 8, 2025 PoC Published
- Sep 13, 2025 EPSS Score