Denial of Service Vulnerability in HashiCorp Vault and Vault Enterprise
CVE-2025-12044

7.5HIGH

Key Information:

Vendor: Hashicorp
Status: Vault; Vault Enterprise
Vendor: CVE Published:; 23 October 2025

What is CVE-2025-12044?

HashiCorp Vault and Vault Enterprise exhibit a vulnerability that can lead to an unauthenticated denial of service when handling complex JSON payloads. This issue arises from a regression in the implementation of rate limiting, allowing the system to be overwhelmed by unregulated payloads. It is crucial for users to upgrade to the fixed versions, as the flaw could lead to significant service disruptions.

Affected Version(s)

Vault 64 bit 1.20.3 < 1.21.0

Vault Enterprise 64 bit 1.20.3 < 1.21.0

Vault Enterprise 64 bit 1.19.9 < 1.19.11

References

https://discuss.hashicorp.com/t/hcsec-2025-31-vault-vulne...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 23, 2025
Vulnerability Reserved
Oct 21, 2025

JSON

Hashicorp

What is CVE-2025-12044?

Affected Version(s)

References

CVSS V3.1

Timeline