CVE-2025-6004
Vault Userpass and LDAP User Lockout Bypass
Severity: 5.3 MEDIUM (CVSS 3.1) | EPSS 0.15%
Description
Vault and Vault Enterprise’s (“Vault”) user lockout feature could be bypassed for Userpass and LDAP authentication methods. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23.
How to fix CVE-2025-6004
To remediate CVE-2025-6004, upgrade the affected package to one of the fixed versions listed below.
- Bitnami/vault—upgrade to 1.20.1 or later
- —upgrade to 1.20.1 or later
- —upgrade to 1.20.1 or later
Is CVE-2025-6004 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (3)
- >= 1.13.0, < 1.20.1
- >= 1.13.0, < 1.20.1
- >= 1.13.0, < 1.20.1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |