| id: GO-2025-3840 |
| modules: |
| - module: github.com/hashicorp/vault |
| versions: |
| - introduced: 1.13.0 |
| - fixed: 1.20.1 |
| vulnerable_at: 1.20.0 |
| summary: Hashicorp Vault has Lockout Feature Authentication Bypass in github.com/hashicorp/vault |
| cves: |
| - CVE-2025-6004 |
| ghsas: |
| - GHSA-qgj7-fmq2-6cc4 |
| references: |
| - advisory: https://github.com/advisories/GHSA-qgj7-fmq2-6cc4 |
| - advisory: https://nvd.nist.gov/vuln/detail/CVE-2025-6004 |
| - web: https://discuss.hashicorp.com/t/hcsec-2025-16-vault-userpass-and-ldap-user-lockout-bypass/76035 |
| source: |
| id: GHSA-qgj7-fmq2-6cc4 |
| created: 2025-08-06T19:53:29.480056291Z |
| review_status: UNREVIEWED |
