CVE-2025-6011

A timing side channel in Vault and Vault Enterprise’s (“Vault”) userpass auth method allowed an attacker to distinguish between existing and non-existing users, and potentially enumerate valid usernames for Vault’s Userpass auth method. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23.

CVSS v3 3.7 LOW

3.7^/10

CVSS v3 : LOW

Vector :

Exploitability : 2.2 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://discuss.hashicorp.com/t/hcsec-2025-15-timing-side-channel-in-vault-s-userpass-auth-method/76034	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:hashicorp:vault:::::enterprise:::*
	cpe:2.3:a:hashicorp:vault:::::-:::*
	cpe:2.3:a:hashicorp:vault:::::enterprise:::*
	cpe:2.3:a:hashicorp:vault:::::enterprise:::*
	cpe:2.3:a:hashicorp:vault:1.20.0::::enterprise:::

History

13 Aug 2025, 18:10

Type	Values Removed	Values Added
References	~~() https://discuss.hashicorp.com/t/hcsec-2025-15-timing-side-channel-in-vault-s-userpass-auth-method/76034 -~~	() https://discuss.hashicorp.com/t/hcsec-2025-15-timing-side-channel-in-vault-s-userpass-auth-method/76034 - Vendor Advisory
CPE		cpe:2.3:a:hashicorp:vault:::::enterprise:::* cpe:2.3:a:hashicorp:vault:::::-:::* cpe:2.3:a:hashicorp:vault:1.20.0::::enterprise:::
First Time		Hashicorp Hashicorp vault

04 Aug 2025, 15:06

Type	Values Removed	Values Added
Summary		(es) Un canal lateral de temporización en el método de autenticación por contraseña de usuario de Vault y Vault Enterprise (Vault) permitía a un atacante distinguir entre usuarios existentes y no existentes, y potencialmente enumerar nombres de usuario válidos para el método de autenticación por contraseña de Vault. Corregido en Vault Community Edition 1.20.1 y Vault Enterprise 1.20.1, 1.19.7, 1.18.12 y 1.16.23.

01 Aug 2025, 18:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-08-01 18:15

Updated : 2025-08-13 18:10

NVD link : CVE-2025-6011

Mitre link : CVE-2025-6011

CVE.ORG link : CVE-2025-6011

JSON object : View

Products Affected

hashicorp

vault

CWE

CWE-203

Observable Discrepancy

{"id": "CVE-2025-6011", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security@hashicorp.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.2}]}, "published": "2025-08-01T18:15:56.713", "references": [{"url": "https://discuss.hashicorp.com/t/hcsec-2025-15-timing-side-channel-in-vault-s-userpass-auth-method/76034", "tags": ["Vendor Advisory"], "source": "security@hashicorp.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security@hashicorp.com", "description": [{"lang": "en", "value": "CWE-203"}]}], "descriptions": [{"lang": "en", "value": "A timing side channel in Vault and Vault Enterprise\u2019s (\u201cVault\u201d) userpass auth method allowed an attacker to distinguish between existing and non-existing users, and potentially enumerate valid usernames for Vault\u2019s Userpass auth method. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23."}, {"lang": "es", "value": "Un canal lateral de temporizaci\u00f3n en el m\u00e9todo de autenticaci\u00f3n por contrase\u00f1a de usuario de Vault y Vault Enterprise (Vault) permit\u00eda a un atacante distinguir entre usuarios existentes y no existentes, y potencialmente enumerar nombres de usuario v\u00e1lidos para el m\u00e9todo de autenticaci\u00f3n por contrase\u00f1a de Vault. Corregido en Vault Community Edition 1.20.1 y Vault Enterprise 1.20.1, 1.19.7, 1.18.12 y 1.16.23."}], "lastModified": "2025-08-13T18:10:13.237", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "FACD8B3A-DF81-45FE-A046-C52946E2FCC4", "versionEndExcluding": "1.16.23"}, {"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "3AC59271-E95C-433B-A789-F30C3DDBD579", "versionEndExcluding": "1.20.1"}, {"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "9E750D53-BBA7-4922-85CA-E55852B0A23A", "versionEndExcluding": "1.18.12", "versionStartIncluding": "1.17.0"}, {"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "EE2F3725-EADA-4406-9D63-8EDAF161CE2A", "versionEndExcluding": "1.19.7", "versionStartIncluding": "1.19.0"}, {"criteria": "cpe:2.3:a:hashicorp:vault:1.20.0:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "562AD4B9-82F5-45C4-9214-7428247B790A"}], "operator": "OR"}]}], "sourceIdentifier": "security@hashicorp.com"}