CVE-2025-4656
LOWDescription
Vault Community and Vault Enterprise rekey and recovery key operations can lead to a denial of service due to uncontrolled cancellation by a Vault operator. This vulnerability (CVE-2025-4656) has been remediated in Vault Community Edition 1.20.0 and Vault Enterprise 1.20.0, 1.19.6, 1.18.11, 1.17.17, and 1.16.22.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| hashicorp | vault |
| hashicorp | vault |
| hashicorp | vault |
| hashicorp | vault |
| hashicorp | vault |
References
Frequently Asked Questions
What is CVE-2025-4656? +
How severe is CVE-2025-4656? +
What products are affected by CVE-2025-4656? +
How do I check if I'm vulnerable to CVE-2025-4656? +
Related Vulnerabilities
In version 3.23.0 of aimhubio/aim, certain methods that request data from external servers do not have set timeouts, causing the …
A vulnerability in the typeahead endpoint of h2oai/h2o-3 version 3.46.0 allows for a denial of service. The endpoint performs a …
A vulnerability in aimhubio/aim version 3.25.0 allows for a denial of service through the misuse of the sshfs-client. The tracking …
HashiCorp’s go-getter library is vulnerable to argument injection when executing Git to discover remote branches. This vulnerability does not affect …
A privileged Vault operator within the root namespace with write permission to {{sys/audit}} may obtain code execution on the underlying …
HashiCorp’s go-getter library can be coerced into executing Git update on an existing maliciously modified Git Configuration, potentially leading to …