Denial of Service Vulnerability in HashiCorp Vault and Vault Enterprise
CVE-2025-12044

7.5 HIGH

Key Information:

Vendor

HashiCorp
CVE Published:
23 October 2025

Badges

Score: 569 | Exploit Exists | News Worthy

What is CVE-2025-12044?

CVE-2025-12044 is a denial of service (DoS) vulnerability in HashiCorp Vault and Vault Enterprise, widely used products for managing secrets and protecting sensitive data across applications and services. The flaw lies in how these products handle JSON payloads and is a regression introduced by an earlier fix that was meant to harden the product through rate limiting. As a result, an attacker can send crafted JSON requests that overload the server, leaving it unresponsive and unavailable to legitimate users. Because many applications depend on Vault for secret management, this can cause downtime and loss of access to critical services and automated processes.

Potential impact of CVE-2025-12044

  1. Service Disruption: The primary impact of this vulnerability is the potential for complete service interruption. Organizations that depend on HashiCorp Vault for managing secrets may experience outages or degraded performance, which can hinder business operations and critical infrastructure functionality.

  2. Operational Inefficiencies: With the denial of service caused by this vulnerability, operations that rely on Vault for secure data access could face inefficiencies or delays. This can lead to increased workload for IT teams to mitigate the impact, further straining resources.

  3. Risk of Escalating Attacks: Although not currently exploited in the wild, the presence of this vulnerability provides an opportunity for attackers to target organizations that do not promptly address it. The disclosed nature of the issue raises awareness, potentially leading to increased scanning and probing of vulnerable Vault instances, which could be precursors to more significant cyberattacks.

Affected Version(s)

Vault (64 bit): >= 1.20.3, < 1.21.0

Vault Enterprise (64 bit): >= 1.20.3, < 1.21.0

Vault Enterprise (64 bit): >= 1.19.9, < 1.19.11

News Articles

HashiCorp Vault Vulnerabilities Let Attack Bypass Authentication And Trigger DoS Attack

HashiCorp has disclosed two critical vulnerabilities in its Vault software that could allow attackers to bypass authentication controls and launch denial-of-service (DoS) attacks.

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Exploit known to exist

  • First article discovered by CybersecurityNews

  • Vulnerability published

  • Vulnerability reserved