{"id":6586,"date":"2025-09-02T10:03:56","date_gmt":"2025-09-02T10:03:56","guid":{"rendered":"https:\/\/serisec.com\/index.php\/2025\/09\/02\/hashicorp-vault-vulnerability-let-attackers-to-crash-servers\/"},"modified":"2025-09-02T10:03:56","modified_gmt":"2025-09-02T10:03:56","slug":"hashicorp-vault-vulnerability-let-attackers-to-crash-servers","status":"publish","type":"post","link":"https:\/\/serisec.com\/index.php\/2025\/09\/02\/hashicorp-vault-vulnerability-let-attackers-to-crash-servers\/","title":{"rendered":"HashiCorp Vault Vulnerability Lets Attackers Crash Servers"},"content":{"rendered":"<p>HashiCorp Vault Vulnerability Lets Attackers Crash Servers<\/p>\n<div>\n<p>A critical denial-of-service vulnerability in HashiCorp Vault could allow malicious actors to overwhelm servers with specially crafted JSON payloads, leading to excessive resource consumption and rendering Vault instances unresponsive.\u00a0<\/p>\n<p>Tracked as CVE-2025-6203 and published on August 28, 2025, the flaw affects both Vault Community and Enterprise editions from version 1.15.0 up to, but not including, the patched releases.\u00a0<\/p>\n<p>Operators are urged to upgrade to Vault 1.20.3 (Community and Enterprise), 1.19.9, 1.18.14, or 1.16.25 to mitigate the issue.<\/p>\n<h2 class=\"wp-block-heading\" id=\"h-memory-based-dos-vulnerability\"><strong>Memory-Based DoS Vulnerability<\/strong><\/h2>\n<p>Vault\u2019s audit devices are responsible for logging every request interaction before completing the request.\u00a0<\/p>\n<p>A malicious user can submit a payload that stays within the max_request_size limit (32 MiB by default) but uses deeply nested JSON structures or excessive entries to force extreme CPU and memory usage in the audit subroutine.\u00a0<\/p>\n<p>As the JSON parser recurses through long string values or high object entry counts, memory consumption spikes, triggering timeouts and causing the Vault server to become unresponsive.<\/p>\n<p><a href=\"https:\/\/cybersecuritynews.com\/hashicorp-cloud-vault-vulnerability\/\" target=\"_blank\" rel=\"noreferrer noopener\">HashiCorp<\/a> has introduced new listener configuration options to further harden Vault against abusive JSON payloads. The TCP listener may now be configured with:<\/p>\n<ul class=\"wp-block-list\">\n<li>max_json_depth: Maximum nesting depth for JSON objects.<\/li>\n<li>max_json_string_value_length: Maximum length for string values.<\/li>\n<li>max_json_object_entry_count: Maximum number of key\/value pairs in an object.<\/li>\n<li>max_json_array_element_count: Maximum elements in a JSON array.<\/li>\n<\/ul>\n<p>Operators can find <a href=\"https:\/\/discuss.hashicorp.com\/t\/hcsec-2025-24-vault-denial-of-service-though-complex-json-payloads\/76393\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">detailed guidance<\/a> in the API documentation for listener parameters and the Vault upgrade guide.<\/p>\n<p>HashiCorp acknowledges Darrell Bethea, Ph.D., of Indeed for responsibly reporting this vulnerability.<\/p>\n<figure class=\"wp-block-table aligncenter\">\n<table class=\"has-fixed-layout\">\n<tbody>\n<tr>\n<td><strong>Risk Factors<\/strong><\/td>\n<td><strong>Details<\/strong><\/td>\n<\/tr>\n<tr>\n<td>Affected Products<\/td>\n<td>Vault Community and Vault Enterprise 1.15.0 through 1.20.2, 1.19.8, 1.18.13, and 1.16.24<\/td>\n<\/tr>\n<tr>\n<td>Impact<\/td>\n<td>Denial of Service<\/td>\n<\/tr>\n<tr>\n<td>Exploit Prerequisites<\/td>\n<td>Network access to Vault listener; ability to submit HTTP API requests with crafted JSON payloads<\/td>\n<\/tr>\n<tr>\n<td>CVSS 3.1 Score<\/td>\n<td>7.5 (High)<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/figure>\n<h2 class=\"wp-block-heading\" id=\"h-mitigations\"><strong>Mitigations<\/strong><\/h2>\n<p>To remediate CVE-2025-6203, customers should upgrade to one of the <a href=\"https:\/\/cybersecuritynews.com\/19-vulnerabilities-across-multiple-products-patched\/\" target=\"_blank\" rel=\"noreferrer noopener\">patched versions<\/a>: Vault Community Edition 1.20.3 or Vault Enterprise editions 1.20.3, 1.19.9, 1.18.14, or 1.16.25.\u00a0<\/p>\n<p>Upgrading enables built-in limits on JSON payload complexity, preventing the excessive recursion that triggers the denial of service.\u00a0<\/p>\n<p>Administrators are also encouraged to review their max_request_size settings and apply listener-level constraints to JSON parsing as part of a defense-in-depth strategy.<\/p>\n<p>The post <a href=\"https:\/\/cybersecuritynews.com\/hashicorp-vault-vulnerability\/\">HashiCorp Vault Vulnerability Lets Attackers Crash Servers<\/a> appeared first on <a href=\"https:\/\/cybersecuritynews.com\/\">Cyber Security News<\/a>.<\/p>\n<\/div>\n<p>Florence Nightingale<\/p>\n","protected":false},"excerpt":{"rendered":"<p>HashiCorp Vault Vulnerability Lets Attackers Crash Servers A critical denial-of-service vulnerability in HashiCorp Vault could allow malicious actors to overwhelm servers with specially crafted JSON payloads, leading to excessive resource consumption and rendering Vault instances unresponsive.\u00a0 Tracked as CVE-2025-6203 and published on August 28, 2025, the flaw affects both Vault Community and Enterprise editions [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[129,63,131,648],"tags":[130],"class_list":["post-6586","post","type-post","status-publish","format-standard","hentry","category-cyber-security","category-cyber-security-news","category-vulnerability","category-vulnerability-news","tag-cyber-security-news"],"_links":{"self":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/6586"}],"collection":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/comments?post=6586"}],"version-history":[{"count":0,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/6586\/revisions"}],"wp:attachment":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/media?parent=6586"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/categories?post=6586"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/tags?post=6586"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}