5.7

CVE-2025-55003

EPSS 0.07%
Veröffentlicht 09.08.2025 02:01:43
Zuletzt bearbeitet 12.08.2025 20:39:40
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 2.3.1 and below, OpenBao's Login Multi-Factor Authentication (MFA) system allows enforcing MFA using Time-based One Time Password (TOTP). Due to normalization applied by the underlying TOTP library, codes were accepted which could contain whitespace; this whitespace could bypass internal rate limiting of the MFA method and allow reuse of existing MFA codes. This issue was fixed in version 2.3.2. To work around this, use of rate-limiting quotas can limit an attacker's ability to exploit this: https://openbao.org/api-docs/system/rate-limit-quotas/.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Openbao ≫ Openbao Version < 2.3.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.07%	0.203

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	5.7	2.1	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

CWE-307 Improper Restriction of Excessive Authentication Attempts

The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.

https://discuss.hashicorp.com/t/hcsec-2025-19-vault-login-mfa-bypass-of-rate-limiting-and-totp-token-reuse/76038

Not Applicable

https://github.com/openbao/openbao/security/advisories/GHSA-rxp7-9q75-vj3p

Vendor Advisory

https://github.com/openbao/openbao/commit/8340a6918f6c41d8f75b6c3845c376d9dc32ed19

Patch

https://nvd.nist.gov/vuln/detail/CVE-2025-55003

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-55003

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-55003

EUVD