Proactive Insights and Support For Open-Source Applications
  • Applications
  • Platform
  • Support
  • Resources
    • 2025 OSS Research
    • FAQ
    • Newsflash
    • OSSpedia
    • How-to Guides
    • Case Studies
    • Articles
  • Company
    • About Us
    • The OSS in Hossted
  • Contact
Book a demo
Book a demo
  • Applications
  • Platform
  • Support
  • Resources
    • 2025 OSS Research
    • FAQ
    • Newsflash
    • OSSpedia
    • How-to Guides
    • Case Studies
    • Articles
  • Company
    • About Us
    • The OSS in Hossted
  • Contact
  • Home
  • Knowledge Base
  • Newsflash
  • Infrastructure and Network

Infrastructure and Network

All OSSpediaArticlesHow ToNewsflashCase Studies
Don't Miss out!
Join our newsletter for exclusive updates on open source innovations.

    Selected category
    • Communication
      • Communication
    • Communication and Collaboration
      • Utility
      • Communication and Collaboration
      • Communication
    • Specialized Software
      • Educational
      • Graphic Design
    • Business and Enterprise Solutions
      • Customer Service
      • Productivity
      • Supply Chain Management (SCM)
      • CRM
      • E-commerce
      • CMS
      • Marketing Automation
      • ERP
    • Project and Agile Management
      • Project Management
      • IT Business Management
    • Infrastructure and Network
      • CMS
      • Networking
      • Storage
      • Security
    • DevOps
      • DevOps
      • Mobile App Development
      • Backup and Recovery
      • Data Analytics
      • Web Development
      • Developer Stacks
      • Cloud Computing
      • Monitoring
      • Application Development
      • Developer Tools
    • Data Management and Analytics
      • Communication
      • Application Development
      • Analytics
      • Machine Learning
      • Database
      • Data Analytics
    5 Aug 2025 Infrastructure and Network
    Vault: Userpass and LDAP Authentication Vulnerable to User Lockout Bypass

    In Vault and Vault Enterprise versions prior to 1.20.1 (Community Edition), 1.19.7, 1.18.12 and 1.16.23 (Enterprise Edition) a medium severity vulnerability CVE-2025-6004 was detected. This vulnerability allows attackers to bypass the user lockout feature for Userpass and LDAP authentication methods. To address this issue, users should upgrade Vault Community Edition to versions 1.20.1 or Vault Enterprise to versions 1.20.1, 1.19.7, 1.18.12 or 1.16.23. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-6004.

    Read more
    Security
    5 Aug 2025 Infrastructure and Network
    Vault: Privileged Operator Vulnerable to Arbitrary Remote Code Execution via Plugin Catalog Abuse

    In Vault and Vault Enterprise versions prior to 1.20.1 (Community Edition), 1.19.7, 1.18.12 and 1.16.23 (Enterprise Edition) a critical severity vulnerability CVE-2025-6000 was detected. This vulnerability allows a privileged Vault operator within the root namespace with write permission to {{sys/audit}} to execute arbitrary code on the underlying host if a plugin directory is configured. To address this issue, users should upgrade Vault Community Edition to versions 1.20.1 or Vault Enterprise to versions 1.20.1, 1.19.7, 1.18.12 or 1.16.23. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-6000.

    Read more
    Security
    5 Aug 2025 Infrastructure and Network
    Vault: Root Namespace Operator Vulnerable to Token Privilege Escalation

    In Vault and Vault Enterprise versions prior to 1.20.0 (Community Edition), 1.20.0, 1.19.6, 1.18.11 and 1.16.22 (Enterprise Edition) a high severity vulnerability CVE-2025-5999 was detected. This vulnerability allows a privileged Vault operator with write permissions to the root namespace’s identity endpoint to escalate their own or another user’s token privileges to Vault’s root policy. To address this issue, users should upgrade Vault Community Edition to versions 1.20.0 or Vault Enterprise to versions 1.20.0, 1.19.6, 1.18.11 or 1.16.22. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-5999.

    Read more
    Security
    4 Aug 2025 Infrastructure and Network
    Traefik: Path Traversal in Client Plugin Enables Arbitrary File Overwrites and Potential Remote Code Execution

    In Traefik versions 2.11.27 and below, 3.0.0 through 3.4.4 and 3.5.0-rc1 a critical severity vulnerability CVE-2025-54386 was detected. This vulnerability allows attackers to upload malicious ZIP archives containing path traversal sequences, enabling arbitrary file overwrites outside the intended plugin directory and potentially leading to remote code execution, privilege escalation, persistence, or denial of service. To address this issue, users should upgrade Traefik to versions 2.11.28, 3.4.5 or 3.5.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-54386.

    Read more
    Security
    4 Aug 2025 Infrastructure and Network
    Vault: Certificate Validation Flaw Enables User Impersonation via Malicious Certificates

    In Vault and Vault Enterprise versions prior to 1.20.1 (Community Edition), 1.19.7, 1.18.12 and 1.16.23 (Enterprise Edition) a medium severity vulnerability CVE-2025-6037 was detected. This vulnerability allows attackers to craft malicious certificates to impersonate other users when a non-CA certificate is used as a trusted certificate in the TLS auth method. To address this issue, users should upgrade Vault Community Edition to version 1.20.1 or Vault Enterprise to versions 1.20.1, 1.19.7, 1.18.12 or 1.16.23. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-6037.

    Read more
    Security
    4 Aug 2025 Infrastructure and Network
    Vault: MFA Login Vulnerability Enables Rate Limiting Bypass and TOTP Reuse

    In Vault and Vault Enterprise versions prior to 1.20.1 (Community Edition), 1.19.7, 1.18.12 and 1.16.23 (Enterprise Edition) a medium severity vulnerability CVE-2025-6015 was detected. This vulnerability allows attackers to bypass login MFA rate limits and reuse TOTP codes, potentially weakening authentication security. To address this issue, users should upgrade Vault Community Edition to version 1.20.1 or Vault Enterprise to versions 1.20.1, 1.19.7, 1.18.12 or 1.16.23. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-6015.

    Read more
    Security
    4 Aug 2025 Infrastructure and Network
    Vault: TOTP Secrets Engine Vulnerable to Code Reuse Within Validity Window

    In Vault and Vault Enterprise versions prior to 1.20.1 (Community Edition), 1.19.7, 1.18.12 and 1.16.23 (Enterprise Edition) a medium severity vulnerability CVE-2025-6014 was detected. This vulnerability allows attackers to reuse TOTP codes within their validity period, potentially bypassing intended security controls. To address this issue, users should upgrade Vault Community Edition to version 1.20.1 or Vault Enterprise to versions 1.20.1, 1.19.7, 1.18.12 or 1.16.23. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-6014.

    Read more
    Security
    4 Aug 2025 Infrastructure and Network
    Vault: Userpass Auth Method Vulnerable to Timing Side-Channel User Enumeration

    In Vault and Vault Enterprise versions prior to 1.20.1 (Community Edition), 1.19.7, 1.18.12 and 1.16.23 (Enterprise Edition) a low severity vulnerability CVE-2025-6011 was detected. This vulnerability allows attackers to exploit a timing side-channel in the userpass auth method to distinguish between existing and non-existing users, potentially leading to username enumeration. To address this issue, users should upgrade Vault Community Edition to versions 1.20.1 or Vault Enterprise to versions 1.20.1, 1.19.7, 1.18.12 or 1.16.23. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-6011.

    Read more
    Security
    24 Jul 2025 Infrastructure and Network
    authentik: OAuth/SAML Deactivated Users Can Partially Access System and Authorize Applications

    In authentik versions 2025.4.4 and earlier and 2025.6.0-rc1 through 2025.6.3 a high severity vulnerability CVE-2025-53942 was identified. This vulnerability allows deactivated OAuth/SAML users to remain in a half-authenticated state, where they can’t access the API but can still authorize applications if they know the URL. To address this issue, users should upgrade Authentik to versions 2025.4.4 or 2025.6.4. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-53942.

    Read more
    Security
    Proactive Insights and Support For Open-Source Applications
    Contact us: Whatsapp
    Company
    • About Hossted
    • Data Processing Addendum
    Solutions
    • Applications
    • Support Plans
    • About Solution
    Resources
    • FAQ
    • Knowledge Base

    © HOSSTED 2026 All rights reserved

    • Privacy Policy
    • Terms and Conditions
    • Cookies Policy
    Cookie Settings

    We use cookies to measure marketing efforts and improve our services. Please review the cookie settings and confirm your choice.

    Functional Always active
    The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
    Preferences
    The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
    Statistics
    The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
    Marketing
    The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
    • Manage options
    • Manage services
    • Manage {vendor_count} vendors
    • Read more about these purposes
    View preferences
    • {title}
    • {title}
    • {title}