{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-28T06:59:13.821","vulnerabilities":[{"cve":{"id":"CVE-2025-6014","sourceIdentifier":"security@hashicorp.com","published":"2025-08-01T18:15:56.853","lastModified":"2025-08-13T18:09:14.057","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Vault and Vault Enterprise’s (“Vault”) TOTP Secrets Engine code validation endpoint is susceptible to code reuse within its validity period. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23."},{"lang":"es","value":"El endpoint de validación de código del motor de secretos TOTP de Vault y Vault Enterprise (Vault) es susceptible de reutilización dentro de su periodo de validez. Corregido en Vault Community Edition 1.20.1 y Vault Enterprise 1.20.1, 1.19.7, 1.18.12 y 1.16.23."}],"metrics":{"cvssMetricV31":[{"source":"security@hashicorp.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"security@hashicorp.com","type":"Secondary","description":[{"lang":"en","value":"CWE-156"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*","versionEndExcluding":"1.16.23","matchCriteriaId":"FACD8B3A-DF81-45FE-A046-C52946E2FCC4"},{"vulnerable":true,"criteria":"cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*","versionEndExcluding":"1.20.1","matchCriteriaId":"3AC59271-E95C-433B-A789-F30C3DDBD579"},{"vulnerable":true,"criteria":"cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"1.17.0","versionEndExcluding":"1.18.12","matchCriteriaId":"9E750D53-BBA7-4922-85CA-E55852B0A23A"},{"vulnerable":true,"criteria":"cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"1.19.0","versionEndExcluding":"1.19.7","matchCriteriaId":"EE2F3725-EADA-4406-9D63-8EDAF161CE2A"},{"vulnerable":true,"criteria":"cpe:2.3:a:hashicorp:vault:1.20.0:*:*:*:enterprise:*:*:*","matchCriteriaId":"562AD4B9-82F5-45C4-9214-7428247B790A"}]}]}],"references":[{"url":"https://discuss.hashicorp.com/t/hcsec-2025-17-vault-totp-secrets-engine-code-reuse/76036","source":"security@hashicorp.com","tags":["Vendor Advisory"]}]}}]}