High severity · NVD Advisory · Published Aug 28, 2025 · Updated Oct 23, 2025

Vault unauthenticated denial of service through complex json payload

CVE-2025-6203

Description

A malicious user may submit a specially crafted complex payload that otherwise meets the default request size limit, resulting in excessive memory and CPU consumption in Vault. This may lead to a timeout in Vault’s auditing subroutine, potentially causing the Vault server to become unresponsive. This vulnerability, CVE-2025-6203, is fixed in Vault Community Edition 1.20.3 and Vault Enterprise 1.20.3, 1.19.9, 1.18.14, and 1.16.25.
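A size limit alone does not bound how much work a JSON body costs to parse, which is the gap the description points at. The following added example (not Vault's code and not taken from the fix) shows a streaming pre-check that rejects a body before it is fully decoded. It assumes nesting depth and token count as the measures of complexity, since the advisory does not say which properties matter; `Limits`, `CheckComplexity`, `ErrTooComplex` and the thresholds are hypothetical.

```go
package main

import (
	"bytes"
	"encoding/json"
	"errors"
	"fmt"
	"io"
	"strings"
)

// Limits holds hypothetical thresholds for this example; they are not Vault settings.
type Limits struct {
	MaxDepth  int // deepest permitted nesting of objects and arrays
	MaxTokens int // total delimiters, keys and scalar values permitted
}

var ErrTooComplex = errors.New("json payload exceeds complexity limits")

// CheckComplexity streams body token by token (no maps or slices are built) and stops at the first exceeded limit.
func CheckComplexity(body []byte, lim Limits) error {
	dec := json.NewDecoder(bytes.NewReader(body))
	depth, tokens := 0, 0
	for {
		tok, err := dec.Token()
		if err == io.EOF && depth == 0 {
			return nil
		}
		if err != nil {
			return fmt.Errorf("malformed json: %w", err)
		}
		tokens++
		if d, ok := tok.(json.Delim); ok {
			if d == '{' || d == '[' {
				depth++
			} else {
				depth--
			}
		}
		if tokens > lim.MaxTokens || depth > lim.MaxDepth {
			return ErrTooComplex
		}
	}
}

func main() {
	// Constructed input: a 1,000-byte body that consists only of nesting.
	nested := []byte(strings.Repeat("[", 500) + strings.Repeat("]", 500))
	fmt.Println(CheckComplexity(nested, Limits{MaxDepth: 32, MaxTokens: 10000}))
}
```

A check like this belongs in front of the real decoder and alongside the request size limit, not in place of it.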

Affected packages

Versions sourced from the GitHub Security Advisory.

Package | Affected versions | Patched versions
github.com/hashicorp/vault (Go) | < 1.20.3 | 1.20.3

Affected products: 25
