CVE-2025-6015

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2025-6015

Severity

Unknown

Description

Vault and Vault Enterprise’s (“Vault”) login MFA rate limits could be bypassed and TOTP tokens could be reused. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23.

References

https://images.chainguard.dev/security/CGA-w87q-x4rh-255p
https://github.com/advisories/GHSA-v6r4-35f9-9rpw
https://images.chainguard.dev/security/CGA-jcgw-gqm3-vhm6
https://images.chainguard.dev/security/CGA-f4ch-j4mj-q895
https://images.chainguard.dev/security/CGA-rmfq-f228-xmrv
https://images.chainguard.dev/security/CGA-q5x5-hq38-pqqm
https://images.chainguard.dev/security/CGA-2m4c-qj3w-v2pm
https://images.chainguard.dev/security/CGA-x5wm-vp4r-72jg
https://images.chainguard.dev/security/CGA-hrvw-r846-gpf2
https://discuss.hashicorp.com/t/hcsec-2025-19-vault-login-mfa-bypass-of-rate-limiting-and-totp-token-reuse/76038

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Private Policy

CVE-2025-6015

Severity

Description

References

Affected packages

Products

Why Chainguard

Customers

Company

Resources