CVE-2025-6013
Severity: MEDIUM
Vault 1.10.0-1.15.15, 1.16.0-1.19.7, 1.20.0-1.20.1 - MFA Enforcement Bypass via LDAP Username Alias Whitespace
Vault and Vault Enterprise’s (“Vault”) ldap auth method may not have correctly enforced MFA if username_as_alias was set to true and a user had multiple CNs that are equal but with leading or trailing spaces. Fixed in Vault Community Edition 1.20.2 and Vault Enterprise 1.20.2, 1.19.8, 1.18.13, and 1.16.24.
Scores
CVSS v3: 6.5 (MEDIUM)
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Attack Vector: NETWORK
EPSS: 0.0007
EPSS Percentile: 22.0%

CISA SSVC (Vulnrichment)
Exploitation: none
Automatable: no
Technical Impact: total
Details
CWE: CWE-156
Status: published

Products (3)
hashicorp/vault, versions 0 - 1.20.2 (Go)
hashicorp/vault, versions 1.10.0 - 1.15.16
hashicorp/vault, versions 1.10.0 - 1.20.2

Published: Aug 06, 2025
Tracked Since: Feb 18, 2026