CVE-2025-4656
- Source
- https://cve.org/CVERecord?id=CVE-2025-4656
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-4656.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-4656
- Aliases
- Downstream
- Related
- Published
- 2025-06-25T16:15:11.861Z
- Modified
- 2026-05-28T03:53:53.995791628Z
- Severity
-
- 3.1 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L CVSS Calculator
- Summary
- Vault Vulnerable to Recovery Key Cancellation Denial of Service
- Details
-
Vault Community and Vault Enterprise rekey and recovery key operations can lead to a denial of service due to uncontrolled cancellation by a Vault operator. This vulnerability (CVE-2025-4656) has been remediated in Vault Community Edition 1.20.0 and Vault Enterprise 1.20.0, 1.19.6, 1.18.11, 1.17.17, and 1.16.22.
- Database specific
{ "cna_assigner": "HashiCorp", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/4xxx/CVE-2025-4656.json", "cwe_ids": [ "CWE-1088" ] }- References