
CVE-2025-6011
Good to know:

Date: August 1, 2025
A timing side channel in Vault and Vault Enterprise’s (“Vault”) userpass auth method allowed an attacker to distinguish between existing and non-existing users, and potentially enumerate valid usernames for Vault’s Userpass auth method. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23.
Weakness Type (CWE)
Observable Discrepancy
CWE-203
Top Fix

Upgrade Version
Upgrade to version github.com/hashicorp/vault - v1.20.1
CVSS v3.1
Base Score: | |
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | HIGH |
Privileges Required (PR): | NONE |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | LOW |
Integrity (I): | NONE |
Availability (A): | NONE |