Metrics
Affected Vendors & Products
Sun, 31 Aug 2025 08:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Hashicorp
Hashicorp vault Hashicorp vault Enterprise |
|
Vendors & Products |
Hashicorp
Hashicorp vault Hashicorp vault Enterprise |
Fri, 29 Aug 2025 14:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Fri, 29 Aug 2025 00:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
| |
Metrics |
threat_severity
|
threat_severity
|
Thu, 28 Aug 2025 22:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
Thu, 28 Aug 2025 21:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
Thu, 28 Aug 2025 19:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A malicious user may submit a specially-crafted complex payload that otherwise meets the default request size limit which results in excessive memory and CPU consumption of Vault. This may lead to a timeout in Vault’s auditing subroutine, potentially resulting in the Vault server to become unresponsive. This vulnerability, CVE-2025-6203, is fixed in Vault Community Edition 1.20.3 and Vault Enterprise 1.20.3, 1.19.9, 1.18.14, and 1.16.25. | |
Title | Vault unauthenticated denial of service through complex json payload | |
Weaknesses | CWE-770 | |
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: HashiCorp
Published:
Updated: 2025-08-29T13:36:52.434Z
Reserved: 2025-06-17T13:39:36.506Z
Link: CVE-2025-6203

Updated: 2025-08-29T13:36:49.616Z

Status : Awaiting Analysis
Published: 2025-08-28T20:15:43.817
Modified: 2025-08-29T16:24:29.730
Link: CVE-2025-6203


Updated: 2025-08-31T08:41:43Z