CVE-2025-6203
Published 2025-08-28
Priority P3 · 43 · high · 7.5 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:N / I:N / A:H
EPSS: 0.70% (48.4th percentile)
A malicious user may submit a specially-crafted complex payload that otherwise meets the default request size limit, which results in excessive memory and CPU consumption in Vault. This may lead to a timeout in Vault's auditing subroutine, potentially causing the Vault server to become unresponsive. This vulnerability, CVE-2025-6203, is fixed in Vault Community Edition 1.20.3 and Vault Enterprise 1.20.3, 1.19.9, 1.18.14, and 1.16.25.
Affected (8 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | hashicorp_vault | >= 0 < 1.20.3 | 1.20.3 |
| github.com | openbao_openbao | >= 0 < 2.4.1 | 2.4.1 |
| hashicorp | vault | >= 1.15.0 < 1.16.27 | 1.16.27 |
| hashicorp | vault | >= 1.15.0 < 1.21.0 | 1.21.0 |
| hashicorp | vault | >= 1.18.0 < 1.18.15 | 1.18.15 |
| hashicorp | vault | >= 1.19.0 < 1.19.11 | 1.19.11 |
| hashicorp | vault | >= 1.20.0 < 1.20.5 | 1.20.5 |
| hashicorp | vault_enterprise | >= 1.15.0 < 1.21.2 | 1.21.2 |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| ghsa | | 7.5 | HIGH | |
| osv | | 7.5 | HIGH | |
| vendor_redhat | | 7.5 | HIGH | |
Red Hat
CVE-2025-6203 [HIGH] CWE-770 github.com/hashicorp/vault: Vault unauthenticated denial of service
vendor_redhat · 2025-08-28 · CVSS 7.5
A denial of service flaw has been discovered in Hashicorp's vault secret storage project. A malicious user may submit a specially-crafted complex payload that otherwise meets the default request size limit, which results in excessive memory and CPU consumption of Vault. This may lead to
OSV
CVE-2025-59043 [HIGH] OpenBao has a potential Denial of Service vulnerability when processing malicious unauthenticated JSON requests
osv · 2025-10-17 · CVSS 7.5
GHSA
CVE-2025-59043 [HIGH] CWE-400 OpenBao has a potential Denial of Service vulnerability when processing malicious unauthenticated JSON requests
ghsa · 2025-10-17 · CVSS 7.5
### Summary
JSON objects after decoding might use more memory than their serialized form. It is possible to tune a JSON document to maximize the ratio between serialized memory usage and deserialized memory usage (similar to a zip bomb). While reproducing the issue, we could reach a factor of about 35. This can be used to circumvent the [`max_request_size`](https://openbao.org/docs/configuration/listener/tcp/) configuration parameter, which is meant to protect against Denial of Service attacks, and it also makes Denial of Service attacks easier in general, as the attacker needs far fewer resources.
### Details
The request body is parsed into a `map[string]interface{}` https://github.co
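The advisory's point is that `max_request_size` bounds serialized bytes, not what the decoder allocates once the body becomes a `map[string]interface{}`. The following is an added example, not code from Vault or OpenBao: it streams the body with `encoding/json`'s `Decoder.Token` and rejects it before unmarshalling when it exceeds a token budget or nesting depth, so both the deep and the wide shape of an amplified document are bounded. `Limits`, `CheckComplexity`, `DecodeBounded` and the limit values are assumptions chosen here, not the projects' own names or defaults.

```go
package main

import (
	"encoding/json"
	"errors"
	"io"
	"strings"
)

// Limits bounds the decoded shape of a body (assumed names, not Vault's own).
type Limits struct {
	MaxTokens int // total JSON tokens (delimiters, keys, values)
	MaxDepth  int // deepest nesting of arrays/objects
}

var ErrTooComplex = errors.New("json: payload exceeds complexity limits")

// CheckComplexity streams the body with json.Decoder.Token, counting tokens and
// nesting depth without building the map[string]interface{} the advisory names.
// It returns the number of tokens consumed and any error.
func CheckComplexity(r io.Reader, lim Limits) (int, error) {
	dec := json.NewDecoder(r)
	tokens, depth := 0, 0
	for {
		tok, err := dec.Token()
		if err == io.EOF {
			return tokens, nil
		} else if err != nil {
			return tokens, err
		}
		if tokens++; tokens > lim.MaxTokens {
			return tokens, ErrTooComplex
		}
		if d, ok := tok.(json.Delim); ok && (d == '{' || d == '[') {
			if depth++; depth > lim.MaxDepth {
				return tokens, ErrTooComplex
			}
		} else if ok { // closing '}' or ']'
			depth--
		}
	}
}

// DecodeBounded runs the pre-check first, so a body that is small on the wire
// but large once decoded never reaches json.Unmarshal.
func DecodeBounded(body string, lim Limits) (map[string]interface{}, error) {
	if _, err := CheckComplexity(strings.NewReader(body), lim); err != nil {
		return nil, err
	}
	var out map[string]interface{}
	return out, json.Unmarshal([]byte(body), &out)
}
```

The check costs one streaming pass over the bytes the size limit already admits, so a rejected body is never materialised; the limits should be set from the largest legitimate request shape the deployment actually serves.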
OSV
CVE-2025-6203 HashiCorp Vault Community Edition Denial of Service Through Complex JSON Payloads in github.com/hashicorp/vault
osv · 2025-09-08
OSV
CVE-2025-6203 [HIGH] HashiCorp Vault Community Edition Denial of Service Through Complex JSON Payloads
osv · 2025-08-28 · CVSS 7.5
GHSA
CVE-2025-6203 [HIGH] CWE-770 HashiCorp Vault Community Edition Denial of Service Through Complex JSON Payloads
ghsa · 2025-08-28 · CVSS 7.5
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2025-08-28