CVE-2025-6013

EUVD-2025-23817
Vault and Vault Enterprise’s (“Vault”) ldap auth method may not have correctly enforced MFA if username_as_alias was set to true and a user had multiple CNs that are equal but with leading or trailing spaces. Fixed in Vault Community Edition 1.20.2 and Vault Enterprise 1.20.2, 1.19.8, 1.18.13, and 1.16.24.
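The advisory's precondition is a user whose CN values are equal except for leading or trailing spaces. The following is an added example, not Vault's code and not part of this advisory: a small Go audit helper that scans a constructed list of directory entries and reports CN values that are byte-for-byte different but identical after whitespace trimming. The `Entry` type, the `WhitespaceCollisions` and `AuditDirectory` functions, the use of `strings.TrimSpace` as the normalization, and the sample entries are all assumptions of this example; the real directory export format and Vault's internal alias handling are not shown here.

```go
package main

import (
	"fmt"
	"strings"
)

// Entry is a minimal stand-in for an LDAP user record. The advisory describes
// a user having several CN values, so each entry carries a list of CNs.
// Constructed type for this example; it is not Vault's data model.
type Entry struct {
	DN  string
	CNs []string
}

// WhitespaceCollisions returns the groups of CN values on one entry that are
// distinct as raw strings but identical once leading/trailing whitespace is
// trimmed. Map key is the trimmed form; value lists the raw spellings.
// Only groups with two or more distinct raw spellings are reported, so exact
// duplicates of the same CN are not treated as a collision.
func WhitespaceCollisions(e Entry) map[string][]string {
	byTrimmed := map[string][]string{}
	seen := map[string]bool{}
	for _, cn := range e.CNs {
		if seen[cn] {
			continue // same bytes as an earlier value: not a whitespace variant
		}
		seen[cn] = true
		key := strings.TrimSpace(cn) // assumed normalization for this example
		byTrimmed[key] = append(byTrimmed[key], cn)
	}
	out := map[string][]string{}
	for k, raw := range byTrimmed {
		if len(raw) > 1 {
			out[k] = raw
		}
	}
	return out
}

// AuditDirectory runs the check over every entry and returns, in input order,
// the DNs that have at least one colliding CN group and should be reviewed.
func AuditDirectory(entries []Entry) []string {
	var flagged []string
	for _, e := range entries {
		if len(WhitespaceCollisions(e)) > 0 {
			flagged = append(flagged, e.DN)
		}
	}
	return flagged
}

// sampleEntries is constructed sample data, not a real directory export.
var sampleEntries = []Entry{
	{DN: "uid=alice,ou=people,dc=example,dc=com", CNs: []string{"Alice Smith"}},
	{DN: "uid=bob,ou=people,dc=example,dc=com", CNs: []string{"Bob Jones", "Bob Jones ", "  Bob Jones"}},
	{DN: "uid=carol,ou=people,dc=example,dc=com", CNs: []string{"Carol", "Carol"}},
}

func main() {
	for _, e := range sampleEntries {
		for trimmed, raw := range WhitespaceCollisions(e) {
			fmt.Printf("%s: CN %q has %d whitespace variants: %q\n", e.DN, trimmed, len(raw), raw)
		}
	}
	fmt.Println("entries to review:", AuditDirectory(sampleEntries))
}
```

Run this over the CN values of users who authenticate through the affected ldap auth mount: flagged entries are the ones that meet the advisory's precondition and deserve cleanup or review while the upgrade to a fixed version is scheduled. The fixed releases listed in the description remain the actual remediation; the audit only narrows down which accounts the condition applies to.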
Provider    Type      Base Score   Atk. Vector   Atk. Complexity   Priv. Required   Vector
NIST        Primary   6.5 MEDIUM   NETWORK       LOW               HIGH             CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
HashiCorp   CNA       6.5 MEDIUM   NETWORK       LOW               HIGH             CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

Base Score: CVSS 3.x
EPSS Score: percentile 4%
Affected Products (NVD)

Vendor      Product   Version
hashicorp   vault     1.10.0 ≤ x ≤ 1.15.16
hashicorp   vault     1.10.0 ≤ x < 1.20.2
hashicorp   vault     1.16.0 ≤ x < 1.16.24
hashicorp   vault     1.17.0 ≤ x < 1.18.13
hashicorp   vault     1.19.0 ≤ x < 1.19.8
hashicorp   vault     1.20.0 ≤ x < 1.20.2

x = vulnerable software versions