VYPR
Low severityNVD Advisory· Published Jun 25, 2025· Updated Jun 25, 2025

Vault Vulnerable to Recovery Key Cancellation Denial of Service

CVE-2025-4656

Description

Vault Community and Vault Enterprise rekey and recovery key operations can lead to a denial of service due to uncontrolled cancellation by a Vault operator. This vulnerability (CVE-2025-4656) has been remediated in Vault Community Edition 1.20.0 and Vault Enterprise 1.20.0, 1.19.6, 1.18.11, 1.17.17, and 1.16.22.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/hashicorp/vaultGo
>= 1.14.8, < 1.20.01.20.0

Affected products

9

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.