{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T21:41:46.082","vulnerabilities":[{"cve":{"id":"CVE-2025-6004","sourceIdentifier":"security@hashicorp.com","published":"2025-08-01T18:15:56.570","lastModified":"2025-08-13T18:10:19.797","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Vault and Vault Enterprise’s (“Vault”) user lockout feature could be bypassed for Userpass and LDAP authentication methods. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23."},{"lang":"es","value":"La función de bloqueo de usuarios de Vault y Vault Enterprise (Vault) podía omitirse para los métodos de autenticación Userpass y LDAP. Corregido en Vault Community Edition 1.20.1 y Vault Enterprise 1.20.1, 1.19.7, 1.18.12 y 1.16.23."}],"metrics":{"cvssMetricV31":[{"source":"security@hashicorp.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"security@hashicorp.com","type":"Secondary","description":[{"lang":"en","value":"CWE-307"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"1.13.0","versionEndExcluding":"1.16.23","matchCriteriaId":"542A9325-2419-4AC7-95D9-141E27277F9E"},{"vulnerable":true,"criteria":"cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*","versionStartIncluding":"1.13.0","versionEndExcluding":"1.20.1","matchCriteriaId":"87E48B5F-7A4D-4AF5-9E12-339E1C239279"},{"vulnerable":true,"criteria":"cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"1.17.0","versionEndExcluding":"1.18.12","matchCriteriaId":"9E750D53-BBA7-4922-85CA-E55852B0A23A"},{"vulnerable":true,"criteria":"cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"1.19.0","versionEndExcluding":"1.19.7","matchCriteriaId":"EE2F3725-EADA-4406-9D63-8EDAF161CE2A"},{"vulnerable":true,"criteria":"cpe:2.3:a:hashicorp:vault:1.20.0:*:*:*:enterprise:*:*:*","matchCriteriaId":"562AD4B9-82F5-45C4-9214-7428247B790A"}]}]}],"references":[{"url":"https://discuss.hashicorp.com/t/hcsec-2025-16-vault-userpass-and-ldap-user-lockout-bypass/76035","source":"security@hashicorp.com","tags":["Vendor Advisory"]}]}}]}