CVE-2025-4656

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-4656

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-4656.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-4656

Aliases

Published

2025-06-25T17:15:38Z

Modified

2025-08-15T20:30:38Z

Summary

[none]

Details

Vault Community and Vault Enterprise rekey and recovery key operations can lead to a denial of service due to uncontrolled cancellation by a Vault operator. This vulnerability (CVE-2025-4656) has been remediated in Vault Community Edition 1.20.0 and Vault Enterprise 1.20.0, 1.19.6, 1.18.11, 1.17.17, and 1.16.22.

References

https://discuss.hashicorp.com/t/hcsec-2025-11-vault-vulnerable-to-recovery-key-cancellation-denial-of-service/75570

Affected packages

Git / github.com/hashicorp/vault

Affected ranges

Type: GIT
Repo: https://github.com/hashicorp/vault
Events: Introduced

446f213c47cabf47d52d065647ef666ce4bf8692

Fixed

6fdd6b59e97d97a9e19b0fb5304bf879c190295e