Low severityNVD Advisory· Published Jun 25, 2025· Updated Jun 25, 2025
Vault Vulnerable to Recovery Key Cancellation Denial of Service
CVE-2025-4656
Description
Vault Community and Vault Enterprise rekey and recovery key operations can lead to a denial of service due to uncontrolled cancellation by a Vault operator. This vulnerability (CVE-2025-4656) has been remediated in Vault Community Edition 1.20.0 and Vault Enterprise 1.20.0, 1.19.6, 1.18.11, 1.17.17, and 1.16.22.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/hashicorp/vaultGo | >= 1.14.8, < 1.20.0 | 1.20.0 |
Affected products
9- osv-coords7 versionspkg:apk/chainguard/splunk-otel-collectorpkg:apk/chainguard/splunk-otel-collector-fipspkg:apk/wolfi/splunk-otel-collectorpkg:bitnami/vaultpkg:golang/github.com/hashicorp/vaultpkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/openbao&distro=openSUSE%20Tumbleweed
< 0.138.0-r0+ 6 more
- (no CPE)range: < 0.138.0-r0
- (no CPE)range: < 0.138.0-r1
- (no CPE)range: < 0.138.0-r0
- (no CPE)range: >= 1.14.8, < 1.20.0
- (no CPE)range: >= 1.14.8, < 1.20.0
- (no CPE)range: < 0.0.20250730T213748-1.1
- (no CPE)range: < 2.3.1-1.1
- Range: 1.14.8
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.