Security Advisory

CVE-2025-6014

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-08-01 17:50:09

Last updated 2025-08-01 18:05:37

Assigner HashiCorp

State PUBLISHED

Description

Vault and Vault Enterprise’s (“Vault”) TOTP Secrets Engine code validation endpoint is susceptible to code reuse within its validity period. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23.

← Browse all CVEs View on cve.org ↗