Security Advisory

CVE-2025-6015

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-08-01 18:03:53

Last updated 2025-08-01 18:35:17

Assigner HashiCorp

State PUBLISHED

Description

Vault and Vault Enterprise’s (“Vault”) login MFA rate limits could be bypassed and TOTP tokens could be reused. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23.

← Browse all CVEs View on cve.org ↗