{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-6004", "assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc", "state": "PUBLISHED", "assignerShortName": "HashiCorp", "dateReserved": "2025-06-11T18:36:41.720Z", "datePublished": "2025-08-01T17:56:00.780Z", "dateUpdated": "2025-08-01T19:11:52.729Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["64 bit", "32 bit", "x86", "ARM", "MacOS", "Windows", "Linux"], "product": "Vault", "repo": "https://github.com/hashicorp/vault", "vendor": "HashiCorp", "versions": [{"lessThan": "1.20.1", "status": "affected", "version": "1.13.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "platforms": ["64 bit", "32 bit", "x86", "ARM", "MacOS", "Windows", "Linux"], "product": "Vault Enterprise", "repo": "https://github.com/hashicorp/vault", "vendor": "HashiCorp", "versions": [{"changes": [{"at": "1.19.7", "status": "unaffected"}, {"at": "1.18.12", "status": "unaffected"}, {"at": "1.16.23", "status": "unaffected"}], "lessThan": "1.20.1", "status": "affected", "version": "1.13.0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Vault and Vault Enterprise\u2019s (\u201cVault\u201d) user lockout feature could be bypassed for Userpass and LDAP authentication methods. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23.</p><br/>"}], "value": "Vault and Vault Enterprise\u2019s (\u201cVault\u201d) user lockout feature could be bypassed for Userpass and LDAP authentication methods. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23."}], "impacts": [{"capecId": "CAPEC-153", "descriptions": [{"lang": "en", "value": "CAPEC-153: Input Data Manipulation"}]}], "metrics": [{"cvssV3_1": {"baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-307", "description": "CWE-307: Improper Restriction of Excessive Authentication Attempts", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc", "shortName": "HashiCorp", "dateUpdated": "2025-08-01T17:56:00.780Z"}, "references": [{"url": "https://discuss.hashicorp.com/t/hcsec-2025-16-vault-userpass-and-ldap-user-lockout-bypass/76035"}], "source": {"advisory": "HCSEC-2025-16", "discovery": "EXTERNAL"}, "title": "Vault Userpass and LDAP User Lockout Bypass"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-08-01T19:11:39.816519Z", "id": "CVE-2025-6004", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-01T19:11:52.729Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-6004", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-08-01T19:11:39.816519Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-01T19:11:45.772Z"}}], "cna": {"title": "Vault Userpass and LDAP User Lockout Bypass", "source": {"advisory": "HCSEC-2025-16", "discovery": "EXTERNAL"}, "impacts": [{"capecId": "CAPEC-153", "descriptions": [{"lang": "en", "value": "CAPEC-153: Input Data Manipulation"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/hashicorp/vault", "vendor": "HashiCorp", "product": "Vault", "versions": [{"status": "affected", "version": "1.13.0", "lessThan": "1.20.1", "versionType": "semver"}], "platforms": ["64 bit", "32 bit", "x86", "ARM", "MacOS", "Windows", "Linux"], "defaultStatus": "unaffected"}, {"repo": "https://github.com/hashicorp/vault", "vendor": "HashiCorp", "product": "Vault Enterprise", "versions": [{"status": "affected", "changes": [{"at": "1.19.7", "status": "unaffected"}, {"at": "1.18.12", "status": "unaffected"}, {"at": "1.16.23", "status": "unaffected"}], "version": "1.13.0", "lessThan": "1.20.1", "versionType": "semver"}], "platforms": ["64 bit", "32 bit", "x86", "ARM", "MacOS", "Windows", "Linux"], "defaultStatus": "unaffected"}], "references": [{"url": "https://discuss.hashicorp.com/t/hcsec-2025-16-vault-userpass-and-ldap-user-lockout-bypass/76035"}], "descriptions": [{"lang": "en", "value": "Vault and Vault Enterprise\u2019s (\u201cVault\u201d) user lockout feature could be bypassed for Userpass and LDAP authentication methods. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23.", "supportingMedia": [{"type": "text/html", "value": "<p>Vault and Vault Enterprise\u2019s (\u201cVault\u201d) user lockout feature could be bypassed for Userpass and LDAP authentication methods. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23.</p><br/>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-307", "description": "CWE-307: Improper Restriction of Excessive Authentication Attempts"}]}], "providerMetadata": {"orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc", "shortName": "HashiCorp", "dateUpdated": "2025-08-01T17:56:00.780Z"}}}, "cveMetadata": {"cveId": "CVE-2025-6004", "state": "PUBLISHED", "dateUpdated": "2025-08-01T19:11:52.729Z", "dateReserved": "2025-06-11T18:36:41.720Z", "assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc", "datePublished": "2025-08-01T17:56:00.780Z", "assignerShortName": "HashiCorp"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "542A9325-2419-4AC7-95D9-141E27277F9E", "versionEndExcluding": "1.16.23", "versionStartIncluding": "1.13.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*", "matchCriteriaId": "87E48B5F-7A4D-4AF5-9E12-339E1C239279", "versionEndExcluding": "1.20.1", "versionStartIncluding": "1.13.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "9E750D53-BBA7-4922-85CA-E55852B0A23A", "versionEndExcluding": "1.18.12", "versionStartIncluding": "1.17.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "EE2F3725-EADA-4406-9D63-8EDAF161CE2A", "versionEndExcluding": "1.19.7", "versionStartIncluding": "1.19.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:hashicorp:vault:1.20.0:*:*:*:enterprise:*:*:*", "matchCriteriaId": "562AD4B9-82F5-45C4-9214-7428247B790A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Vault and Vault Enterprise\u2019s (\u201cVault\u201d) user lockout feature could be bypassed for Userpass and LDAP authentication methods. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23."}, {"lang": "es", "value": "La funci\u00f3n de bloqueo de usuarios de Vault y Vault Enterprise (Vault) pod\u00eda omitirse para los m\u00e9todos de autenticaci\u00f3n Userpass y LDAP. Corregido en Vault Community Edition 1.20.1 y Vault Enterprise 1.20.1, 1.19.7, 1.18.12 y 1.16.23."}], "id": "CVE-2025-6004", "lastModified": "2025-08-13T18:10:19.797", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security@hashicorp.com", "type": "Secondary"}]}, "published": "2025-08-01T18:15:56.570", "references": [{"source": "security@hashicorp.com", "tags": ["Vendor Advisory"], "url": "https://discuss.hashicorp.com/t/hcsec-2025-16-vault-userpass-and-ldap-user-lockout-bypass/76035"}], "sourceIdentifier": "security@hashicorp.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-307"}], "source": "security@hashicorp.com", "type": "Secondary"}]}

{"bugzilla": {"description": "github.com/hashicorp/vault: Vault Userpass/LDAP Lockout Bypass Vulnerability", "id": "2386035", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2386035"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "status": "draft"}, "cwe": "CWE-307", "details": ["Vault and Vault Enterprise\u2019s (\u201cVault\u201d) user lockout feature could be bypassed for Userpass and LDAP authentication methods. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2025-6004", "package_state": [{"cpe": "cpe:/a:redhat:cert_manager:1", "fix_state": "Fix deferred", "package_name": "cert-manager/cert-manager-operator-rhel9", "product_name": "cert-manager Operator for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:cert_manager:1", "fix_state": "Fix deferred", "package_name": "cert-manager/jetstack-cert-manager-acmesolver-rhel9", "product_name": "cert-manager Operator for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:cert_manager:1", "fix_state": "Fix deferred", "package_name": "cert-manager/jetstack-cert-manager-rhel9", "product_name": "cert-manager Operator for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:external_secrets_operator:0", "fix_state": "Fix deferred", "package_name": "external-secrets-operator/external-secrets-operator-rhel9", "product_name": "external secrets operator for Red Hat OpenShift - Tech Preview"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Will not fix", "package_name": "odf4/cephcsi-rhel9", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Will not fix", "package_name": "odf4/mcg-cli-rhel9", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Will not fix", "package_name": "odf4/mcg-rhel9-operator", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Will not fix", "package_name": "odf4/odf-cli-rhel9", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:trusted_artifact_signer:1", "fix_state": "Will not fix", "package_name": "rhtas/client-server-rhel9", "product_name": "Red Hat Trusted Artifact Signer"}, {"cpe": "cpe:/a:redhat:trusted_artifact_signer:1", "fix_state": "Will not fix", "package_name": "rhtas/fulcio-rhel9", "product_name": "Red Hat Trusted Artifact Signer"}], "public_date": "2025-08-01T17:56:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-6004\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-6004\nhttps://discuss.hashicorp.com/t/hcsec-2025-16-vault-userpass-and-ldap-user-lockout-bypass/76035\nhttps://github.com/advisories/GHSA-qgj7-fmq2-6cc4"], "threat_severity": "Moderate"}

{"created": "2025-08-04T08:58:50.971277+00:00", "updated": "2025-08-04T08:58:50.971412+00:00", "vendors": ["hashicorp", "hashicorp$PRODUCT$vault", "hashicorp$PRODUCT$vault_enterprise"]}