{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T15:53:45.481","vulnerabilities":[{"cve":{"id":"CVE-2025-6015","sourceIdentifier":"security@hashicorp.com","published":"2025-08-01T18:15:57.010","lastModified":"2025-08-13T18:09:08.700","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Vault and Vault Enterprise’s (“Vault”) login MFA rate limits could be bypassed and TOTP tokens could be reused. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23."},{"lang":"es","value":"Se pudieron eludir los límites de tasa de MFA de inicio de sesión de Vault y Vault Enterprise (Vault), y reutilizar los tokens TOTP. Corregido en Vault Community Edition 1.20.1 y Vault Enterprise 1.20.1, 1.19.7, 1.18.12 y 1.16.23."}],"metrics":{"cvssMetricV31":[{"source":"security@hashicorp.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N","baseScore":5.7,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.1,"impactScore":3.6}]},"weaknesses":[{"source":"security@hashicorp.com","type":"Secondary","description":[{"lang":"en","value":"CWE-307"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"1.10.0","versionEndExcluding":"1.16.23","matchCriteriaId":"F833B14E-EFBB-46FF-BE1D-7B6A3AC5430A"},{"vulnerable":true,"criteria":"cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*","versionStartIncluding":"1.10.0","versionEndExcluding":"1.20.1","matchCriteriaId":"4C1C7ED3-286F-44CB-AAC3-E2C01044CC2E"},{"vulnerable":true,"criteria":"cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"1.17.0","versionEndExcluding":"1.18.12","matchCriteriaId":"9E750D53-BBA7-4922-85CA-E55852B0A23A"},{"vulnerable":true,"criteria":"cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"1.19.0","versionEndExcluding":"1.19.7","matchCriteriaId":"EE2F3725-EADA-4406-9D63-8EDAF161CE2A"},{"vulnerable":true,"criteria":"cpe:2.3:a:hashicorp:vault:1.20.0:*:*:*:enterprise:*:*:*","matchCriteriaId":"562AD4B9-82F5-45C4-9214-7428247B790A"}]}]}],"references":[{"url":"https://discuss.hashicorp.com/t/hcsec-2025-19-vault-login-mfa-bypass-of-rate-limiting-and-totp-token-reuse/76038","source":"security@hashicorp.com","tags":["Vendor Advisory"]}]}}]}