← voltar
CVE-2025-6014

Vault TOTP Secrets Engine Code Reuse

CVSS 6.5 MEDIUMEPSS 0.3%CWE-156
Vault and Vault Enterprise’s (“Vault”) TOTP Secrets Engine code validation endpoint is susceptible to code reuse within its validity period. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Produtos afetados
HashiCorp · VaultHashiCorp · Vault Enterprise

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://discuss.hashicorp.com/t/hcsec-2025-17-vault-totp-secrets-engine-code-reuse/76036