CVE-2025-6015
Published 2025-08-01
Priority P4 (30) · Medium · CVSS 3.1 base score 5.7
Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
EPSS: 0.27% (19.1th percentile)
Vault and Vault Enterprise’s (“Vault”) login MFA rate limits could be bypassed and TOTP tokens could be reused. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23.
Affected (9 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | hashicorp_vault | >= 1.10.0 < 1.20.1 | 1.20.1 |
| github.com | openbao_openbao | >= 0 < 0.0.0-20250807113757-8340a6918f6c | 0.0.0-20250807113757-8340a6918f6c |
| github.com | openbao_openbao | >= 0.1.0 < 2.3.2 | 2.3.2 |
| hashicorp | vault | — | — |
| hashicorp | vault | >= 1.10.0 < 1.16.23 | 1.16.23 |
| hashicorp | vault | >= 1.10.0 < 1.20.1 | 1.20.1 |
| hashicorp | vault | >= 1.17.0 < 1.18.12 | 1.18.12 |
| hashicorp | vault | >= 1.19.0 < 1.19.7 | 1.19.7 |
| hashicorp | vault_enterprise | >= 1.10.0 < 1.20.1 | 1.20.1 |
CVSS provenance

| Source | Score | Severity | Vector |
|---|---|---|---|
| NVD (CVSS v3.1) | 5.7 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N |
| GHSA | 5.7 | MEDIUM | — |
| OSV | 5.7 | MEDIUM | — |
| Red Hat (vendor) | 5.7 | MEDIUM | — |
OSV · 2025-08-11
CVE-2025-6015: Hashicorp Vault has Login MFA Rate Limit Bypass Vulnerability in github.com/hashicorp/vault
OSV · 2025-08-08 · CVSS 5.7
CVE-2025-55003 [MEDIUM]: OpenBao Login MFA Bypass of Rate Limiting and TOTP Token Reuse
### Impact
OpenBao's Login Multi-Factor Authentication (MFA) system allows enforcing MFA using Time-based One Time Password (TOTP). Due to normalization applied by the underlying TOTP library, codes were accepted which could contain whitespace; this whitespace could bypass internal rate limiting of the MFA method and allow reuse of existing MFA codes.
### Patches
OpenBao v2.3.2 will patch this issue.
### Workarounds
Use of rate-limiting quotas can limit an attacker's ability to exploit this: https://openbao.org/api-docs/system/rate-limit-quotas/
### References
This issue was disclosed to HashiCorp and is the OpenBao equivalent of the following tickets:
- https://discuss.hashicorp.com/t/hcsec-2025-19-vault-login-mfa-byp
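As an added example (not Vault's or OpenBao's own code), a constructed Go model of the root cause the Impact section describes: a replay set keyed on the raw submitted string in front of a TOTP library that strips whitespace before comparing, beside the hardened variant that enforces the canonical six-digit form before any bookkeeping. The expected code value, the type and helper names are assumptions made for the demonstration.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Constructed model of the bug class, not Vault or OpenBao code: the MFA
// layer keys its replay protection on the raw submitted string, while the
// TOTP library it calls strips whitespace before comparing the digits.
type mfaMethod struct {
	expected string          // constructed: the code valid in the current window
	used     map[string]bool // replay protection, keyed by submission
	strict   bool            // hardened: enforce canonical form before bookkeeping
}

// libraryValidate stands in for a TOTP library that normalizes whitespace:
// "123456", " 123456" and "123 456" all compare equal to the expected code.
func libraryValidate(code, expected string) bool {
	return strings.Join(strings.Fields(code), "") == expected
}

// sixDigits is the canonical form: exactly six ASCII digits, nothing else.
var sixDigits = regexp.MustCompile(`^[0-9]{6}$`)

// Verify returns true only for a valid, previously unseen code. In strict
// mode the format check runs first, so replay set and library agree.
func (m *mfaMethod) Verify(code string) bool {
	if m.strict && !sixDigits.MatchString(code) {
		return false
	}
	if m.used[code] || !libraryValidate(code, m.expected) {
		return false
	}
	m.used[code] = true
	return true
}

// replayAccepted reports whether a code, resubmitted with a trailing space,
// is accepted a second time. True demonstrates the vulnerable pattern.
func replayAccepted(strict bool) bool {
	m := &mfaMethod{expected: "123456", used: map[string]bool{}, strict: strict}
	return m.Verify("123456") && m.Verify("123456 ")
}

func main() {
	fmt.Println("vulnerable replay accepted:", replayAccepted(false)) // true
	fmt.Println("hardened replay accepted:  ", replayAccepted(true))  // false
}
```

The same mismatch applies to any per-code counter kept by the caller: if the bookkeeping key differs from what the library actually compares, every whitespace variant is a fresh entry.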
GHSA · 2025-08-08 · CVSS 5.7 · CWE-307
CVE-2025-55003 [MEDIUM]: OpenBao Login MFA Bypass of Rate Limiting and TOTP Token Reuse
GHSA · 2025-08-01 · CWE-307
CVE-2025-6015 [MEDIUM]: Hashicorp Vault has Login MFA Rate Limit Bypass Vulnerability
OSV · 2025-08-01
CVE-2025-6015 [MEDIUM]: Hashicorp Vault has Login MFA Rate Limit Bypass Vulnerability
Red Hat · 2025-08-01 · CVSS 5.7 · CWE-307
CVE-2025-6015 [MEDIUM]: github.com/hashicorp/vault: Vault TOTP Rate Limit Bypass
A flaw was found in github.com/hashicorp/vault. The Time-based One-Time Password (TOTP) rate-limiting mechanism can be bypassed, allowing the reuse of TOTP tokens. This vulnerability allows a remote attacker to trigger authentication attempts. Successful exploitation can lead to the repeated use of TOTP tokens during authentication, resulting in unauthorized access.
Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ea
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.