Tracked as CVE-2025-6203 and published on August 28, 2025, the flaw affects both Vault Community and Enterprise editions from version 1.15.0 up to the releases immediately preceding the patched versions.
Operators are urged to upgrade to Vault 1.20.3 (Community and Enterprise), 1.19.9, 1.18.14, or 1.16.25 to mitigate the issue.
Vault’s audit devices log every request before Vault completes it, so every request body passes through the audit subsystem's JSON handling.
A malicious user can submit a payload that stays within the max_request_size limit (32 MiB by default) but uses deeply nested JSON structures, very long string values, or an excessive number of object entries to force extreme CPU and memory usage in the audit subsystem.
As the JSON parser recurses through the nested structures and processes the long string values or high entry counts, memory consumption spikes, requests time out, and the Vault server becomes unresponsive.
HashiCorp has introduced new listener configuration options to further harden Vault against abusive JSON payloads. The TCP listener may now be configured with:
Operators can find detailed guidance in the API documentation for listener parameters and the Vault upgrade guide.
HashiCorp acknowledges Darrell Bethea, Ph.D., of Indeed for responsibly reporting this vulnerability.
| Risk Factors | Details |
| --- | --- |
| Affected Products | Vault Community and Vault Enterprise 1.15.0 through 1.20.2, 1.19.8, 1.18.13, and 1.16.24 |
| Impact | Denial of Service |
| Exploit Prerequisites | Network access to Vault listener; ability to submit HTTP API requests with crafted JSON payloads |
| CVSS 3.1 Score | 7.5 (High) |
To remediate CVE-2025-6203, customers should upgrade to one of the patched versions: Vault Community Edition 1.20.3 or Vault Enterprise editions 1.20.3, 1.19.9, 1.18.14, or 1.16.25.
Upgrading will enable built-in limits on JSON payload complexity, preventing the excessive recursion that triggers the Denial of Service.
Administrators are also encouraged to review their max_request_size settings and apply listener-level constraints to JSON parsing as part of a defense-in-depth strategy.
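The following is an added example, not code from the original article and not Vault's own implementation. It illustrates the mechanism described earlier (nesting depth, long strings, and large entry counts blowing up a recursive JSON parse) and the listener-level, defense-in-depth constraint the paragraph above recommends: a single linear scan over the raw request body that rejects structurally abusive JSON before any parser builds a tree. The limit values, the `DEFAULT_LIMITS` names, and the sample payloads are constructed for illustration and are not Vault's defaults or parameter names.

```python
import json

# Constructed example limits; the operator sets the real listener-level
# limits, and these numbers are not Vault's defaults.
DEFAULT_LIMITS = {
    "max_depth": 64,            # open containers allowed at one point
    "max_string_len": 1024,     # characters inside a single string literal
    "max_object_entries": 256,  # keys in a single object
    "max_array_elements": 1024, # elements in a single array
}


class JsonComplexityError(ValueError):
    """Raised when a payload exceeds a structural limit."""


def _check_entries(frame, limits):
    """Compare one container's running entry count against its limit."""
    kind, count = frame
    limit = limits["max_object_entries"] if kind == "{" else limits["max_array_elements"]
    if count > limit:
        what = "object entries" if kind == "{" else "array elements"
        raise JsonComplexityError(f"more than {limit} {what}")


def check_json_complexity(text, **overrides):
    """Scan raw JSON text once, tracking nesting depth, string length and
    per-container entry counts, and raise before any object tree is built.
    Memory use is O(depth) regardless of payload size. Syntax errors are
    left to the real parser; this is only a cheap structural gate."""
    limits = {**DEFAULT_LIMITS, **overrides}
    stack = []           # one [kind, entry_count] per open container
    in_string = False
    escaped = False
    string_len = 0
    for c in text:
        if in_string:
            if escaped:
                escaped = False
            elif c == "\\":
                escaped = True
            elif c == '"':
                in_string = False
                continue
            string_len += 1
            if string_len > limits["max_string_len"]:
                raise JsonComplexityError(f"string longer than {limits['max_string_len']} chars")
            continue
        if c.isspace():
            continue
        if c in "{[":
            # a container opening inside another counts as that parent's entry
            if stack and stack[-1][1] == 0:
                stack[-1][1] = 1
            stack.append([c, 0])
            if len(stack) > limits["max_depth"]:
                raise JsonComplexityError(f"nesting deeper than {limits['max_depth']}")
            continue
        if c in "}]":
            if stack:
                stack.pop()
            continue
        if c == ",":
            if stack:
                stack[-1][1] += 1
                _check_entries(stack[-1], limits)
            continue
        # any other character starts a key, string or scalar value
        if c == '"':
            in_string = True
            string_len = 0
        if stack and stack[-1][1] == 0:
            stack[-1][1] = 1
            _check_entries(stack[-1], limits)
    return True


def is_within_limits(text, **overrides):
    """Boolean wrapper around check_json_complexity for callers that prefer not to catch."""
    try:
        return check_json_complexity(text, **overrides)
    except JsonComplexityError:
        return False


def parse_request_body(text, **overrides):
    """Gate the body on structure first, then hand it to the real parser."""
    check_json_complexity(text, **overrides)
    return json.loads(text)


if __name__ == "__main__":
    # Constructed payloads: one benign, three shaped like the abusive cases.
    samples = {
        "benign": '{"path": "secret/data/app", "data": {"k": "v"}}',
        "deep nesting": "[" * 5000 + "]" * 5000,
        "long string": '{"s": "' + "x" * 100000 + '"}',
        "many entries": "{" + ",".join(f'"k{i}":1' for i in range(10000)) + "}",
    }
    for name, body in samples.items():
        print(f"{name:13s} -> {'accepted' if is_within_limits(body) else 'rejected'}")
```

Because the scan never allocates per element, the gate costs the same small amount of memory for a 32 MiB body as for a 32-byte one, which is the property the listener-level limits are meant to restore for the audit path.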
The post HashiCorp Vault Vulnerability Let Attackers to Crash Servers appeared first on Cyber Security News.