7.5
CVE-2025-12044
- EPSS 0.11%
- Veröffentlicht 23.10.2025 19:15:16
- Zuletzt bearbeitet 27.10.2025 13:20:15
- Quelle security@hashicorp.com
- CVE-Watchlists
- Unerledigt
Vault and Vault Enterprise (“Vault”) are vulnerable to an unauthenticated denial of service when processing JSON payloads. This occurs due to a regression from a previous fix for [+HCSEC-2025-24+|https://discuss.hashicorp.com/t/hcsec-2025-24-vault-denial-of-service-though-complex-json-payloads/76393] which allowed for processing JSON payloads before applying rate limits. This vulnerability, CVE-2025-12044, is fixed in Vault Community Edition 1.21.0 and Vault Enterprise 1.16.27, 1.19.11, 1.20.5, and 1.21.0.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
LoginDaten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerHashiCorp
≫
Produkt
Vault
Default Statusunaffected
Version <
1.21.0
Version
1.20.3
Status
affected
HerstellerHashiCorp
≫
Produkt
Vault Enterprise
Default Statusunaffected
Version <
1.21.0
Version
1.20.3
Status
affected
Version <
1.19.11
Version
1.19.9
Status
affected
Version <
1.18.15
Version
1.18.14
Status
affected
Version <
1.16.27
Version
1.16.25
Status
affected
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.11% | 0.299 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@hashicorp.com | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
CWE-770 Allocation of Resources Without Limits or Throttling
The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.