CVE-2025-6013

MEDIUM 6.5

Vault LDAP MFA Enforcement Bypass When Using Username As Alias

CVSS Score

6.5

EPSS Score

0.0%

EPSS Percentile

0th

Vault and Vault Enterprise’s (“Vault”) ldap auth method may not have correctly enforced MFA if username_as_alias was set to true and a user had multiple CNs that are equal but with leading or trailing spaces. Fixed in Vault Community Edition 1.20.2 and Vault Enterprise 1.20.2, 1.19.8, 1.18.13, and 1.16.24.

CWE	CWE-156
Vendor	hashicorp
Product	vault
Published	Aug 6, 2025
Last Updated	Feb 26, 2026

Stay Ahead of the Next One

Get instant alerts for hashicorp vault

Be the first to know when new medium vulnerabilities affecting hashicorp vault are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

HashiCorp / Vault

1.10.0 < 1.20.2

HashiCorp / Vault Enterprise

1.10.0 < 1.20.2

References

NVD ↗ CVE.org ↗ EPSS Data ↗

discuss.hashicorp.com: https://discuss.hashicorp.com/t/hcsec-2025-20-vault-ldap-mfa-enforcement-bypass-when-using-username-as-alias/76092