CVE-2025-6004 — Improper Restriction of Excessive Authentication Attempts in Vault Enterprise

CWE-307 — Improper Restriction of Excessive Authentication Attempts CWE-74 — Injection8 documents5 sources

Severity

5.3MEDIUMNVD

EPSS

0.1%

top 83.39%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Hashicorp Vault Enterprise Github.com Hashicorp Vault Github.com Openbao Openbao +3 more

Timeline

PublishedAug 1

Latest updateAug 11

Description

Vault and Vault Enterprise’s (“Vault”) user lockout feature could be bypassed for Userpass and LDAP authentication methods. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages6 packages

▶CVEListV5hashicorp/vault_enterprise1.13.0 — 1.20.1

▶NVDhashicorp/vault1.13.0 — 1.16.23+4

▶Gogithub.com/hashicorp_vault1.13.0 — 1.20.1

▶Gogithub.com/openbao_openbao0.1.0 — 2.3.2+1

▶msrcmsrc/azl3_libssh_0.10.5-2_on_azure_linux_3.0

🔴Vulnerability Details

OSV

Hashicorp Vault has Lockout Feature Authentication Bypass in github.com/hashicorp/vault↗2025-08-11

▶

OSV

OpenBao Userpass and LDAP User Lockout Bypass↗2025-08-08

▶

GHSA

OpenBao Userpass and LDAP User Lockout Bypass↗2025-08-08

▶

GHSA

Hashicorp Vault has Lockout Feature Authentication Bypass↗2025-08-01

▶

OSV

Hashicorp Vault has Lockout Feature Authentication Bypass↗2025-08-01

▶

📋Vendor Advisories

Red Hat

github.com/hashicorp/vault: Vault Userpass/LDAP Lockout Bypass Vulnerability↗2025-08-01

▶

Microsoft

Libssh: proxycommand/proxyjump features allow injection of malicious code through hostname↗2024-01-09

▶