CVE-2025-12044
Published 2025-10-23
CVE-2025-12044: Vault and Vault Enterprise (“Vault”) are vulnerable to an unauthenticated denial of service when processing JSON payloads.
Priority P3 · 43 · high · CVSS 3.1 base score 7.5
Vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (reachable over the network, low attack complexity, no privileges or user interaction required; impact limited to availability)
EPSS 0.52% (40.0th percentile)
Vault and Vault Enterprise (“Vault”) are vulnerable to an unauthenticated denial of service when processing JSON payloads. This occurs due to a regression from a previous fix for HCSEC-2025-24 (https://discuss.hashicorp.com/t/hcsec-2025-24-vault-denial-of-service-though-complex-json-payloads/76393) which allowed for processing JSON payloads before applying rate limits. This vulnerability, CVE-2025-12044, is fixed in Vault Community Edition 1.21.0 and Vault Enterprise 1.16.27, 1.19.11, 1.20.5, and 1.21.0.
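The regression the advisory describes is an ordering problem: the server does the expensive work (parsing an attacker-controlled JSON body) before the cheap decision (has this client already exceeded its rate limit?), so an unauthenticated client can force a full parse on every request regardless of the limiter. The Go program below is an added example written for this page; it is not Vault's code and not taken from the HashiCorp fix. The `quota` type, the caps (1 MiB body, 64 nesting levels), the `/v1/example` path and the nested-array payload are all assumptions chosen for the demonstration. It puts a handler with the vulnerable ordering beside one that rate-limits first, bounds the body size, checks nesting depth with a streaming token walk, and only then decodes, and counts how many of ten unauthenticated requests reach the decoder in each case.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"strings"
	"sync/atomic"
)

// quota stands in for a real rate limiter (assumed, not Vault's): a fixed
// budget that Allow consumes one unit at a time, going negative once spent.
type quota struct{ remaining int }

func (q *quota) Allow() bool { q.remaining--; return q.remaining >= 0 }

const maxBodyBytes, maxJSONDepth = 1 << 20, 64 // assumed caps, enforced before parsing
var parseCalls int64                           // full decodes run: the work a client can force

// decodeJSON is the expensive step: it materialises the whole document.
func decodeJSON(r io.Reader) (v any, err error) {
	atomic.AddInt64(&parseCalls, 1)
	err = json.NewDecoder(r).Decode(&v)
	return v, err
}

// checkDepth streams tokens and stops at the first bracket past max, so its
// cost is bounded by max+1 tokens rather than by the size of the document.
func checkDepth(r io.Reader, max int) error {
	for dec, depth := json.NewDecoder(r), 0; ; {
		tok, err := dec.Token()
		if err == io.EOF {
			return nil
		} else if err != nil {
			return err
		}
		switch tok {
		case json.Delim('{'), json.Delim('['):
			if depth++; depth > max {
				return fmt.Errorf("json nesting depth exceeds %d", max)
			}
		case json.Delim('}'), json.Delim(']'):
			depth--
		}
	}
}

// vulnerableHandler has the ordering the advisory describes: full parse first,
// rate limit afterwards, so every request, allowed or not, pays the parse.
func vulnerableHandler(q *quota) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		if _, err := decodeJSON(r.Body); err != nil {
			http.Error(w, "bad json", http.StatusBadRequest)
			return
		}
		if !q.Allow() {
			http.Error(w, "rate limited", http.StatusTooManyRequests)
			return
		}
		w.WriteHeader(http.StatusOK)
	}
}

// hardenedHandler: rate limit first, then a byte cap, then the cheap depth
// guard, and only then the expensive decode.
func hardenedHandler(q *quota) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		if !q.Allow() {
			http.Error(w, "rate limited", http.StatusTooManyRequests)
			return
		}
		body, err := io.ReadAll(http.MaxBytesReader(w, r.Body, maxBodyBytes))
		if err == nil {
			if err = checkDepth(bytes.NewReader(body), maxJSONDepth); err == nil {
				_, err = decodeJSON(bytes.NewReader(body))
			}
		}
		if err != nil {
			http.Error(w, err.Error(), http.StatusBadRequest)
			return
		}
		w.WriteHeader(http.StatusOK)
	}
}

// run fires n identical unauthenticated POSTs at h and reports how many of
// them reached the decoder, plus each response status in order.
func run(h http.Handler, body string, n int) (parsed int64, statuses []int) {
	atomic.StoreInt64(&parseCalls, 0)
	for i := 0; i < n; i++ {
		rec := httptest.NewRecorder()
		h.ServeHTTP(rec, httptest.NewRequest(http.MethodPost, "/v1/example", strings.NewReader(body)))
		statuses = append(statuses, rec.Code)
	}
	return atomic.LoadInt64(&parseCalls), statuses
}

func main() { // constructed input: 200 nested arrays, 10 requests, budget of 3
	deep := strings.Repeat("[", 200) + strings.Repeat("]", 200)
	p, s := run(vulnerableHandler(&quota{3}), deep, 10)
	fmt.Println("vulnerable: decoder ran", p, "times; statuses", s)
	p, s = run(hardenedHandler(&quota{3}), deep, 10)
	fmt.Println("hardened:   decoder ran", p, "times; statuses", s)
}
```

With a three-request budget the vulnerable ordering decodes all ten bodies and only then answers 429 for seven of them, so the limiter never reduces the parse work; the hardened ordering decodes none of the 200-deep payloads (three are stopped by the depth guard, seven by the limiter), while a shallow document still passes until the budget is spent. The point generalises beyond this one regression: every check that costs less than parsing belongs in front of the parser.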
Affected (10 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | hashicorp_vault | >= 1.20.3 < 1.21.0 | 1.21.0 |
| hashicorp | vault | >= 1.16.25 < 1.16.27 | 1.16.27 |
| hashicorp | vault | 1.18.14 – 1.18.15 | — |
| hashicorp | vault | 1.19.9 – 1.19.11 | — |
| hashicorp | vault | >= 1.20.3 < 1.20.5 | 1.20.5 |
| hashicorp | vault | >= 1.20.3 < 1.21.0 | 1.21.0 |
| hashicorp | vault_enterprise | >= 1.16.25 < 1.16.27 | 1.16.27 |
| hashicorp | vault_enterprise | >= 1.18.14 < 1.18.15 | 1.18.15 |
| hashicorp | vault_enterprise | >= 1.19.9 < 1.19.11 | 1.19.11 |
| hashicorp | vault_enterprise | >= 1.20.3 < 1.21.0 | 1.21.0 |
CVSS provenance
| Source | Score | Severity | Vector |
|---|---|---|---|
| NVD (CVSS v3.1) | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| GHSA | 7.5 | HIGH | |
| OSV | 7.5 | HIGH | |
| Red Hat (vendor) | 7.5 | HIGH | |
OSV
Hashicorp Vault and Vault Enterprise vulnerable to a denial of service when processing JSON in github.com/hashicorp/vault
osv · 2025-10-30
GHSA
Hashicorp Vault and Vault Enterprise vulnerable to a denial of service when processing JSON
ghsa · 2025-10-23 · CVSS 7.5 (HIGH) · CWE-770
OSV
Hashicorp Vault and Vault Enterprise vulnerable to a denial of service when processing JSON
osv · 2025-10-23 · CVSS 7.5 (HIGH)
Red Hat
github.com/hashicorp/vault: Vault Vulnerable to Denial of Service Due to Rate Limit Regression
vendor_redhat · 2025-10-23 · CVSS 7.5 (HIGH) · CWE-770
A denial of service flaw has been discovered in Hashicorp's vault product. Vault is vulnerable to an unauthenticated denial of service when processing JSON payloads.
Citrix
Citrix Security Bulletin CTX249976 (vendor_citrix · CVSS 7.5) is indexed against this page by its CVE number only: it references CVE-2019-12044 (alongside CVE-2025-12101, CVE-2025-62626, CVE-2026-23554, CVE-2026-3055, CVE-2026-4368 and CVE-2026-4397) and covers Citrix ADM, Citrix Hypervisor, Citrix Virtual Apps and Desktops, Endpoint Management, NetScaler ADC, NetScaler Gateway and XenServer. It does not concern CVE-2025-12044 or Vault.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.