Low severityNVD Advisory· Published Jun 25, 2025· Updated Jun 25, 2025

Vault Vulnerable to Recovery Key Cancellation Denial of Service

CVE-2025-4656

Description

Vault Community and Vault Enterprise rekey and recovery key operations can lead to a denial of service due to uncontrolled cancellation by a Vault operator. This vulnerability (CVE-2025-4656) has been remediated in Vault Community Edition 1.20.0 and Vault Enterprise 1.20.0, 1.19.6, 1.18.11, 1.17.17, and 1.16.22.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
github.com/hashicorp/vaultGo	>= 1.14.8, < 1.20.0	1.20.0

Affected products

Hashicorp/Vaultv5
Range: 1.14.8
HashiCorp/Vault Enterprisev5
Range: 1.14.8

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-fhc2-8qx8-6vj7ghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2025-4656ghsaADVISORY
discuss.hashicorp.com/t/hcsec-2025-11-vault-vulnerable-to-recovery-key-cancellation-denial-of-service/75570ghsaWEB
github.com/hashicorp/vault/pull/30794ghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.065
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000