CVE-2025-4656

Summary

Vault Community and Vault Enterprise rekey and recovery key operations can lead to a denial of service due to uncontrolled cancellation by a Vault operator. This vulnerability (CVE-2025-4656) has been remediated in Vault Community Edition 1.20.0 and Vault Enterprise 1.20.0, 1.19.6, 1.18.11, 1.17.17, and 1.16.22.

Affected Software

VendorProductVersion RangeStatus
HashiCorpVault1.14.8 < 1.20.0affected
HashiCorpVault Enterprise1.14.8 < 1.20.0affected

Weaknesses

  • CWE-1088: CWE-1088: Synchronous Access of Remote Resource without Timeout

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References