Security Advisory

CVE-2025-6004

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-08-01 17:56:00

Last updated 2025-08-01 19:11:52

Assigner HashiCorp

State PUBLISHED

Description

Vault and Vault Enterprise’s (“Vault”) user lockout feature could be bypassed for Userpass and LDAP authentication methods. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23.

← Browse all CVEs View on cve.org ↗