CVE-2025-4656
Published 2025-06-25. CVE-2025-4656: Vault Community and Vault Enterprise rekey and recovery key operations can lead to a denial of service due to uncontrolled cancellation by a Vault operator.
Priority: P4 · 12 · low. CVSS 3.1 base score: 3.1 (Low).
Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L (network attack vector, high attack complexity, no privileges required, user interaction required, unchanged scope, no confidentiality or integrity impact, low availability impact).
EPSS: 0.21% (11.8th percentile)
Vault Community and Vault Enterprise rekey and recovery key operations can lead to a denial of service due to uncontrolled cancellation by a Vault operator. This vulnerability (CVE-2025-4656) has been remediated in Vault Community Edition 1.20.0 and Vault Enterprise 1.20.0, 1.19.6, 1.18.11, 1.17.17, and 1.16.22.
Affected (7 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | hashicorp_vault | >= 1.14.8 < 1.20.0 | 1.20.0 |
| hashicorp | vault | >= 1.14.8 < 1.16.22 | 1.16.22 |
| hashicorp | vault | >= 1.14.8 < 1.20.0 | 1.20.0 |
| hashicorp | vault | >= 1.17.0 < 1.17.17 | 1.17.17 |
| hashicorp | vault | >= 1.18.0 < 1.18.11 | 1.18.11 |
| hashicorp | vault | >= 1.19.0 < 1.19.6 | 1.19.6 |
| hashicorp | vault_enterprise | >= 1.14.8 < 1.20.0 | 1.20.0 |
CVSS provenance
- nvd: CVSS v3.1, base score 3.1, LOW, vector CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
- ghsa: CVSS 3.1, LOW
- osv: CVSS 3.1, LOW
- vendor_redhat: CVSS 3.1, LOW
OSV
Vault Community Edition rekey and recovery key operations can cause denial of service in github.com/hashicorp/vault
osv · 2025-07-28 · CVE-2025-4656
OSV
Vault Community Edition rekey and recovery key operations can cause denial of service
osv · 2025-06-26 · CVSS 3.1 · CVE-2025-4656 [LOW]
Vault Community and Vault Enterprise rekey and recovery key operations can lead to a denial of service due to uncontrolled cancellation by a Vault operator. This vulnerability (CVE-2025-4656) has been remediated in Vault Community Edition 1.20.0 and Vault Enterprise 1.20.0, 1.19.6, 1.18.11, 1.17.17, and 1.16.22.
GHSA
Vault Community Edition rekey and recovery key operations can cause denial of service
ghsa · 2025-06-26 · CVSS 3.1 · CVE-2025-4656 [LOW] · CWE-1088
Vault Community and Vault Enterprise rekey and recovery key operations can lead to a denial of service due to uncontrolled cancellation by a Vault operator. This vulnerability (CVE-2025-4656) has been remediated in Vault Community Edition 1.20.0 and Vault Enterprise 1.20.0, 1.19.6, 1.18.11, 1.17.17, and 1.16.22.
Red Hat
github.com/hashicorp/vault: Vault Denial of Service
vendor_redhat · 2025-06-25 · CVSS 3.1 · CVE-2025-4656 [LOW] · CWE-1088
Vault Community and Vault Enterprise rekey and recovery key operations can lead to a denial of service due to uncontrolled cancellation by a Vault operator. This vulnerability (CVE-2025-4656) has been remediated in Vault Community Edition 1.20.0 and Vault Enterprise 1.20.0, 1.19.6, 1.18.11, 1.17.17, and 1.16.22.
A key handling flaw has been discovered in Vault. The rekey and recovery key operations may lead to a denial of service in the vault application due to uncontrolled cancellations of these operations.
Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2025-06-25