User Lockout Bypass in Vault by HashiCorp
CVE-2025-6004
Severity: 5.3 (Medium)
What is CVE-2025-6004?
A vulnerability exists in HashiCorp's Vault and Vault Enterprise products that allows the user lockout feature to be bypassed when the Userpass or LDAP authentication methods are in use. As a result, attackers could potentially gain unauthorized access to user accounts, which poses a significant security risk. The issue has been addressed in the latest releases: Vault Community Edition 1.20.1 and Vault Enterprise versions 1.20.1, 1.19.7, 1.18.12, and 1.16.23.
Affected Version(s)
Vault (64-bit): 1.13.0 up to, but not including, 1.20.1
Vault Enterprise (64-bit): 1.13.0 up to, but not including, 1.20.1
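The following is an added example for defenders, not code from HashiCorp or from this advisory. It turns the version lists above into a check that can be run against the JSON returned by Vault's `GET /v1/sys/health` endpoint (its `version` field) and lists which auth mounts from `GET /v1/sys/auth` are of the Userpass or LDAP type, i.e. the methods named in the advisory. It assumes that Vault Enterprise version strings carry a `+ent` suffix (for example `1.19.7+ent`) and that an Enterprise release line for which the advisory lists no fixed version (1.17, 1.15, 1.14, 1.13) must be moved to one of the listed fixed lines; both are assumptions made here, not statements from the page.

```python
import json
import re

# Fixed versions as listed on the advisory page.
CE_FIXED = (1, 20, 1)
ENT_FIXED = {
    (1, 20): (1, 20, 1),
    (1, 19): (1, 19, 7),
    (1, 18): (1, 18, 12),
    (1, 16): (1, 16, 23),
}
# Start of the affected range as listed on the advisory page.
AFFECTED_FROM = (1, 13, 0)
# Auth method types the advisory names as affected by the lockout bypass.
LOCKOUT_AUTH_TYPES = ("userpass", "ldap")

# major.minor.patch with an optional pre-release / build suffix such as "+ent".
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:[-+].*)?$")


def parse_version(text):
    """Return (major, minor, patch, is_enterprise) from a Vault version string.

    Assumption: Enterprise builds carry a '+ent' suffix, e.g. '1.19.7+ent'.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Vault version: {text!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return major, minor, patch, "+ent" in text


def assess(version_text):
    """Classify a Vault version against the advisory's affected and fixed versions."""
    major, minor, patch, ent = parse_version(version_text)
    v = (major, minor, patch)
    if v < AFFECTED_FROM:
        return "outside listed range (below 1.13.0)"
    if not ent:
        # Community Edition: a single fixed release.
        return "fixed" if v >= CE_FIXED else "AFFECTED: upgrade to 1.20.1"
    fixed = ENT_FIXED.get((major, minor))
    if fixed is None:
        # Assumption: lines without a listed backport must move to a fixed line.
        return ("AFFECTED: no fixed release on this line, move to "
                "1.20.1, 1.19.7, 1.18.12 or 1.16.23")
    if v >= fixed:
        return "fixed"
    return "AFFECTED: upgrade to " + ".".join(map(str, fixed))


def assess_health_json(body):
    """Assess the 'version' field of the JSON body returned by GET /v1/sys/health."""
    return assess(json.loads(body)["version"])


def lockout_relevant_mounts(sys_auth_data):
    """Given the path -> mount config mapping from GET /v1/sys/auth,
    return the mount paths whose auth method type is userpass or ldap."""
    return sorted(path for path, cfg in sys_auth_data.items()
                  if isinstance(cfg, dict) and cfg.get("type") in LOCKOUT_AUTH_TYPES)


if __name__ == "__main__":
    # Constructed sample responses, not captured from a real cluster.
    health = '{"initialized": true, "sealed": false, "version": "1.19.6+ent"}'
    auth = {"token/": {"type": "token"},
            "userpass/": {"type": "userpass"},
            "corp-ldap/": {"type": "ldap"}}
    print(assess_health_json(health))
    print("mounts using affected auth methods:", lockout_relevant_mounts(auth))
```

Run it with the real outputs of `vault read -format=json sys/health` and `vault auth list -format=json` (the latter's top-level object is the path to config mapping) to get a quick inventory of which clusters still need the upgrade and which mounts are exposed to the bypass until then.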