In Vault and Vault Enterprise versions prior to 1.20.1 (Community Edition), 1.19.7, 1.18.12 and 1.16.23 (Enterprise Edition) a medium severity vulnerability CVE-2025-6004 was detected. This vulnerability allows attackers to bypass the user lockout feature for Userpass and LDAP authentication methods. To address this issue, users should upgrade Vault Community Edition to versions 1.20.1 or Vault Enterprise to versions 1.20.1, 1.19.7, 1.18.12 or 1.16.23. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-6004.
Read more SecurityIn Vault and Vault Enterprise versions prior to 1.20.1 (Community Edition), 1.19.7, 1.18.12 and 1.16.23 (Enterprise Edition) a critical severity vulnerability CVE-2025-6000 was detected. This vulnerability allows a privileged Vault operator within the root namespace with write permission to {{sys/audit}} to execute arbitrary code on the underlying host if a plugin directory is configured. To address this issue, users should upgrade Vault Community Edition to versions 1.20.1 or Vault Enterprise to versions 1.20.1, 1.19.7, 1.18.12 or 1.16.23. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-6000.
Read more SecurityIn Vault and Vault Enterprise versions prior to 1.20.0 (Community Edition), 1.20.0, 1.19.6, 1.18.11 and 1.16.22 (Enterprise Edition) a high severity vulnerability CVE-2025-5999 was detected. This vulnerability allows a privileged Vault operator with write permissions to the root namespace’s identity endpoint to escalate their own or another user’s token privileges to Vault’s root policy. To address this issue, users should upgrade Vault Community Edition to versions 1.20.0 or Vault Enterprise to versions 1.20.0, 1.19.6, 1.18.11 or 1.16.22. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-5999.
Read more SecurityIn Traefik versions 2.11.27 and below, 3.0.0 through 3.4.4 and 3.5.0-rc1 a critical severity vulnerability CVE-2025-54386 was detected. This vulnerability allows attackers to upload malicious ZIP archives containing path traversal sequences, enabling arbitrary file overwrites outside the intended plugin directory and potentially leading to remote code execution, privilege escalation, persistence, or denial of service. To address this issue, users should upgrade Traefik to versions 2.11.28, 3.4.5 or 3.5.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-54386.
Read more SecurityIn Vault and Vault Enterprise versions prior to 1.20.1 (Community Edition), 1.19.7, 1.18.12 and 1.16.23 (Enterprise Edition) a medium severity vulnerability CVE-2025-6037 was detected. This vulnerability allows attackers to craft malicious certificates to impersonate other users when a non-CA certificate is used as a trusted certificate in the TLS auth method. To address this issue, users should upgrade Vault Community Edition to version 1.20.1 or Vault Enterprise to versions 1.20.1, 1.19.7, 1.18.12 or 1.16.23. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-6037.
Read more SecurityIn Vault and Vault Enterprise versions prior to 1.20.1 (Community Edition), 1.19.7, 1.18.12 and 1.16.23 (Enterprise Edition) a medium severity vulnerability CVE-2025-6015 was detected. This vulnerability allows attackers to bypass login MFA rate limits and reuse TOTP codes, potentially weakening authentication security. To address this issue, users should upgrade Vault Community Edition to version 1.20.1 or Vault Enterprise to versions 1.20.1, 1.19.7, 1.18.12 or 1.16.23. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-6015.
Read more SecurityIn Vault and Vault Enterprise versions prior to 1.20.1 (Community Edition), 1.19.7, 1.18.12 and 1.16.23 (Enterprise Edition) a medium severity vulnerability CVE-2025-6014 was detected. This vulnerability allows attackers to reuse TOTP codes within their validity period, potentially bypassing intended security controls. To address this issue, users should upgrade Vault Community Edition to version 1.20.1 or Vault Enterprise to versions 1.20.1, 1.19.7, 1.18.12 or 1.16.23. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-6014.
Read more SecurityIn Vault and Vault Enterprise versions prior to 1.20.1 (Community Edition), 1.19.7, 1.18.12 and 1.16.23 (Enterprise Edition) a low severity vulnerability CVE-2025-6011 was detected. This vulnerability allows attackers to exploit a timing side-channel in the userpass auth method to distinguish between existing and non-existing users, potentially leading to username enumeration. To address this issue, users should upgrade Vault Community Edition to versions 1.20.1 or Vault Enterprise to versions 1.20.1, 1.19.7, 1.18.12 or 1.16.23. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-6011.
Read more SecurityIn authentik versions 2025.4.4 and earlier and 2025.6.0-rc1 through 2025.6.3 a high severity vulnerability CVE-2025-53942 was identified. This vulnerability allows deactivated OAuth/SAML users to remain in a half-authenticated state, where they can’t access the API but can still authorize applications if they know the URL. To address this issue, users should upgrade Authentik to versions 2025.4.4 or 2025.6.4. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-53942.
Read more Security