CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Hashicorp: >> Vault >> 1.17.17 Security Vulnerabilities

CVE-2025-6011

A timing side channel in Vault and Vault Enterprise’s (“Vault”) userpass auth method allowed an attacker to distinguish between existing and non-existing users, and potentially enumerate valid usernames for Vault’s Userpass auth method. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23.

CVSS Score

3.7

EPSS Score

0.0

Published

2025-08-01

CVE-2025-6014

Vault and Vault Enterprise’s (“Vault”) TOTP Secrets Engine code validation endpoint is susceptible to code reuse within its validity period. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23.

CVSS Score

6.5

EPSS Score

0.001

Published

2025-08-01

Page 2

Vulnerabilities

Vulnerable Software

Hashicorp: >> Vault >> 1.17.17 Security Vulnerabilities

Products

Pricing

Contact Us