CVE-2025-12044
HIGH7.5EPSS 0.30%Hashicorp Vault and Vault Enterprise vulnerable to a denial of service when processing JSON in github.com/hashicorp/vault
Published: 10/23/2025Modified: 2/4/2026
Description
Hashicorp Vault and Vault Enterprise vulnerable to a denial of service when processing JSON in github.com/hashicorp/vault
Affected packages (3)
- Bitnami/vault>= 0.6.0, < 1.16.27, >= 1.17.0, < 1.19.11, >= 1.20.0, < 1.21.0
- Go/github.com/hashicorp/vault>= 1.20.3, < 1.21.0
- Go/github.com/hashicorp/vault>= 1.20.3, < 1.21.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
References (6)
- ADVISORYhttps://github.com/advisories/GHSA-vp5w-xcfc-73wf
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2025-12044
- PATCHhttps://github.com/hashicorp/vault
- WEBhttps://discuss.hashicorp.com/t/hcsec-2025-31-vault-vulnerable-to-denial-of-service-due-to-rate-limit-regression/76710
- WEBhttps://github.com/hashicorp/vault/commit/b19e74c29a33ed2a99fc01626104db1a49345df3
- WEBhttps://github.com/hashicorp/vault/commit/eedc2b7426f30e57e306229ce697ce81e203ab89