CVE-2025-6004
Published 2025-08-01
Priority P4 (30) · medium · CVSS 3.1 base score 5.3
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:N / I:L / A:N
EPSS: 0.38% (29.9th percentile)
Vault and Vault Enterprise’s (“Vault”) user lockout feature could be bypassed for Userpass and LDAP authentication methods. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23.
Affected (11 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | hashicorp_vault | >= 1.13.0 < 1.20.1 | 1.20.1 |
| github.com | openbao_openbao | >= 0 < 0.0.0-20250807212521-c52795c1ef74 | 0.0.0-20250807212521-c52795c1ef74 |
| github.com | openbao_openbao | >= 0.1.0 < 2.3.2 | 2.3.2 |
| hashicorp | vault | — | — |
| hashicorp | vault | >= 1.13.0 < 1.16.23 | 1.16.23 |
| hashicorp | vault | >= 1.13.0 < 1.20.1 | 1.20.1 |
| hashicorp | vault | >= 1.17.0 < 1.18.12 | 1.18.12 |
| hashicorp | vault | >= 1.19.0 < 1.19.7 | 1.19.7 |
| hashicorp | vault_enterprise | >= 1.13.0 < 1.20.1 | 1.20.1 |
| msrc | azl3_libssh_0.10.5-2_on_azure_linux_3.0 | — | — |
| msrc | azl3_libssh_0.10.6-1_on_azure_linux_3.0 | — | — |
CVSS provenance

| Source | Score | Severity | Vector |
|---|---|---|---|
| NVD (v3.1) | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
| GHSA | 5.3 | MEDIUM | — |
| OSV | 5.3 | MEDIUM | — |
| Red Hat | 5.3 | MEDIUM | — |
| MSRC | 4.8 | MEDIUM | — |
OSV · 2025-08-11
CVE-2025-6004: Hashicorp Vault has Lockout Feature Authentication Bypass in github.com/hashicorp/vault
OSV · 2025-08-08 · CVSS 5.3
CVE-2025-54998 [MEDIUM]: OpenBao Userpass and LDAP User Lockout Bypass
### Impact
Attackers could bypass the automatic user lockout mechanisms in the OpenBao Userpass or LDAP auth systems. The root cause was an inconsistency in how the user's entity alias was attributed between the pre-flight check and the full login request.
### Patches
OpenBao v2.3.2 will patch this issue.
### Workarounds
Existing users may apply rate-limiting quotas on the authentication endpoints: https://openbao.org/api-docs/system/rate-limit-quotas/
### References
This issue was disclosed to HashiCorp and is the OpenBao equivalent of the following tickets:
- https://discuss.hashicorp.com/t/hcsec-2025-16-vault-userpass-and-ldap-user-lockout-bypass/76035
- https://nvd.nist.gov/vuln/detail/CVE-2025-6004
GHSA · 2025-08-08 · CVSS 5.3
CVE-2025-54998 [MEDIUM] CWE-307: OpenBao Userpass and LDAP User Lockout Bypass
GHSA · 2025-08-01
CVE-2025-6004 [MEDIUM] CWE-307: Hashicorp Vault has Lockout Feature Authentication Bypass
OSV · 2025-08-01
CVE-2025-6004 [MEDIUM]: Hashicorp Vault has Lockout Feature Authentication Bypass
Red Hat · 2025-08-01 · CVSS 5.3
CVE-2025-6004 [MEDIUM] CWE-307: github.com/hashicorp/vault: Vault Userpass/LDAP Lockout Bypass Vulnerability
A flaw was found in github.com/hashicorp/vault. The user lockout feature for Userpass and LDAP authentication methods can be bypassed, allowing an attacker to circumvent account lockout restrictions. This circumvention occurs without requiring prior authentication or knowledge of user credentials. This vulnerability allows an unauthorized actor to potentially gain access to resources usually protected by the lockout mechanism. This bypass affects authentication processes and may result in unau
Microsoft · 2024-01-09 · CVSS 4.8
CVE-2023-6004 [MEDIUM] CWE-74: Libssh: proxycommand/proxyjump features allow injection of malicious code through hostname
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.
Platforms: Mariner, redhat
Customer Action Required: Yes
Remediation: CBL-Marin
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2025-08-01