- Description
- Vault and Vault Enterprise ("Vault") are vulnerable to an unauthenticated denial of service when processing JSON payloads. This is a regression of the earlier fix for HCSEC-2025-24 (https://discuss.hashicorp.com/t/hcsec-2025-24-vault-denial-of-service-though-complex-json-payloads/76393): the regression caused JSON payloads to be processed before rate limits were applied. This vulnerability, CVE-2025-12044, is fixed in Vault Community Edition 1.21.0 and Vault Enterprise 1.16.27, 1.19.11, 1.20.5, and 1.21.0.
- Source
- security@hashicorp.com
- NVD status
- Analyzed
- Products
- vault
CVSS 3.1
- Type
- Secondary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- Severity
- HIGH
- Weakness
- CWE-770 (source: security@hashicorp.com)
- Hype score
- Not currently trending
🚨🚨HashiCorp Patches Vault Flaws CVE-2025-12044: Rate limits applied after JSON parsing → spam massive valid payloads, exhaust CPU/RAM, trigger DoS. CVE-2025-11621: Cache skips account ID check → reuse role names across accounts, bypass auth in multi-tenant setups. Zo
@zoomeye_team
28 Oct 2025
918 Impressions
3 Retweets
11 Likes
3 Bookmarks
0 Replies
0 Quotes
🇺🇸 HashiCorp discloses two critical Vault vulnerabilities (CVE-2025-12044, CVE-2025-11621) enabling auth bypass and DoS in Community & Enterprise builds. Patch/mitigate. #Cybersecurity #OSINT https://t.co/0AySqmllkA
@STRATINT_AI
27 Oct 2025
47 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨Alert🚨:CVE-2025-12044&CVE-2025-11621 : Two HashiCorp Patches Vault Flaws——Unauthenticated JSON DoS and AWS Auth Bypass 📊117.9K Services are found on the https://t.co/ysWb28BTvF yearly. 🔗Hunter Link:https://t.co/xHOmRHMcOk 👇Query HUNTER : https://t.co/q9rtu
@HunterMapping
27 Oct 2025
4627 Impressions
14 Retweets
62 Likes
27 Bookmarks
1 Reply
1 Quote
# HashiCorp Vault JSON Parsing DoS Regression (CVE-2025-12044) · GitHub https://t.co/MoNZ8KhXgV
@akaclandestine
25 Oct 2025
997 Impressions
0 Retweets
2 Likes
2 Bookmarks
1 Reply
0 Quotes
CVE-2025-12044 - Hashicorp Vault and Vault Enterprise vulnerable to a denial of service when processing JSON https://t.co/XoAJrg4kbN For today's test with #pruva i tried to go with an unconventional reproduction, a DoS. The agents went down to pprofing, performance analyzing h
@N3mes1s
24 Oct 2025
1611 Impressions
6 Retweets
27 Likes
8 Bookmarks
1 Reply
0 Quotes
CVE-2025-12044 Unauthenticated Denial of Service Vulnerability in HashiCorp Vault Multiple Versions https://t.co/xlLimzp57I
@VulmonFeeds
24 Oct 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-12044 Vault and Vault Enterprise (“Vault”) are vulnerable to an unauthenticated denial of service when processing JSON payloads. This occurs due to a regression from a prev… https://t.co/7UpiPX5i5p
@CVEnew
23 Oct 2025
369 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
```json
[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
            "matchCriteriaId": "A80F6E6B-73F4-4613-B524-E74ABD893175",
            "versionEndExcluding": "1.16.27",
            "versionStartIncluding": "1.16.25",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
            "matchCriteriaId": "5E92B1F3-EE4C-4F21-9E0D-3A36CF7D5FA4",
            "versionEndIncluding": "1.18.15",
            "versionStartIncluding": "1.18.14",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
            "matchCriteriaId": "CD76B351-286F-4F2F-8F67-B09DE58089DF",
            "versionEndIncluding": "1.19.11",
            "versionStartIncluding": "1.19.9",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
            "matchCriteriaId": "564C8B93-D4B4-40A2-B240-AFE8A02B743F",
            "versionEndExcluding": "1.20.5",
            "versionStartIncluding": "1.20.3",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*",
            "matchCriteriaId": "199D575A-2712-4522-8E00-B46120F572E6",
            "versionEndExcluding": "1.21.0",
            "versionStartIncluding": "1.20.3",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]
```