VDB
WID-SEC-W-2025-2396
WID-SEC-W-2025-2396
PUBLISHED
CVSS 8.699999809265137 HIGH
Vault ist ein identitätsbasiertes System zur Verwaltung von Geheimnissen und Verschlüsselung.
Risk Scores
CVSS v4.0
8.699999809265137
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hashicorp Vault Community Edition <1.21.0 | ||
| Hashicorp Vault Enterprise 1.20.5 | ||
| Hashicorp Vault Enterprise <1.20.5 | ||
| Hashicorp Vault Enterprise 1.16.27 | ||
| Hashicorp Vault Enterprise <1.21.0 | ||
| Hashicorp Vault Community Edition 1.21.0 | ||
| Hashicorp Vault Enterprise 1.19.11 | ||
| Hashicorp Vault Enterprise <1.16.27 | ||
| Hashicorp Vault Enterprise <1.19.11 | ||
| Red Hat Enterprise Linux | ||
| Hashicorp Vault Enterprise 1.21.0 |
Timeline
- Oct 23, 2025 CVE Published
- Nov 24, 2025 CVE Updated
- Apr 29, 2026 Distribution Patch
- Apr 29, 2026 Distribution Patch
- Apr 29, 2026 Distribution Patch
- Apr 29, 2026 Distribution Patch
References
- https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-2396.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2396 advisory
- https://discuss.hashicorp.com/t/hcsec-2025-30-vault-aws-auth-method-authentication-bypass-through-mishandling-of-cache-entries/76709 url
- https://discuss.hashicorp.com/t/hcsec-2025-31-vault-vulnerable-to-denial-of-service-due-to-rate-limit-regression/76710 url
- https://access.redhat.com/errata/RHSA-2025:21984 url
- https://access.redhat.com/errata/RHSA-2025:21981 url
- https://access.redhat.com/errata/RHSA-2025:21976 url
- https://access.redhat.com/errata/RHSA-2025:21988 url