Security Advisory

CVE-2025-13357

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-11-21 15:02:27

Last updated 2026-04-17 17:57:56

Assigner HashiCorp

State PUBLISHED

Description

Vault’s Terraform Provider incorrectly set the default deny_null_bind parameter for the LDAP auth method to false by default, potentially resulting in an insecure configuration. If the underlying LDAP server allowed anonymous or unauthenticated binds, this could result in authentication bypass. This vulnerability, CVE-2025-13357, is fixed in Vault Terraform Provider v5.5.0.

← Browse all CVEs View on cve.org ↗