CVE-2025-6004

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2025-6004

Severity

Unknown

Description

Vault and Vault Enterprise’s (“Vault”) user lockout feature could be bypassed for Userpass and LDAP authentication methods. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23.

References

https://images.chainguard.dev/security/CGA-59q3-xw5q-pxm4
https://github.com/advisories/GHSA-qgj7-fmq2-6cc4
https://images.chainguard.dev/security/CGA-46gm-h2q8-fcxh
https://images.chainguard.dev/security/CGA-gpm7-cfpq-6pvf
https://images.chainguard.dev/security/CGA-q978-f8x5-x2m2
https://images.chainguard.dev/security/CGA-3h5m-6h3f-h34c
https://images.chainguard.dev/security/CGA-c7x9-6cw4-v2v2
https://images.chainguard.dev/security/CGA-5v49-6vrv-w33r
https://images.chainguard.dev/security/CGA-wj3p-93m2-wrp6
https://discuss.hashicorp.com/t/hcsec-2025-16-vault-userpass-and-ldap-user-lockout-bypass/76035

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Private Policy

CVE-2025-6004

Severity

Description

References

Affected packages

Products

Why Chainguard

Customers

Company

Resources