{"id":"CVE-2025-4656","summary":"Vault Vulnerable to Recovery Key Cancellation Denial of Service","details":"Vault Community and Vault Enterprise rekey and recovery key operations can lead to a denial of service due to uncontrolled cancellation by a Vault operator. This vulnerability (CVE-2025-4656) has been remediated in Vault Community Edition 1.20.0 and Vault Enterprise 1.20.0, 1.19.6, 1.18.11, 1.17.17, and 1.16.22.","aliases":["BIT-vault-2025-4656","GHSA-fhc2-8qx8-6vj7","GO-2025-3788"],"modified":"2026-05-28T03:53:53.995791628Z","published":"2025-06-25T16:15:11.861Z","related":["CGA-cfjr-38xx-55vf","openSUSE-SU-2025:15254-1","openSUSE-SU-2025:15405-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/4xxx/CVE-2025-4656.json","cwe_ids":["CWE-1088"],"cna_assigner":"HashiCorp"},"references":[{"type":"WEB","url":"https://discuss.hashicorp.com/t/hcsec-2025-11-vault-vulnerable-to-recovery-key-cancellation-denial-of-service/75570"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/4xxx/CVE-2025-4656.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-4656"},{"type":"PACKAGE","url":"https://github.com/hashicorp/vault"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/hashicorp/vault","events":[{"introduced":"446f213c47cabf47d52d065647ef666ce4bf8692"},{"fixed":"6fdd6b59e97d97a9e19b0fb5304bf879c190295e"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-4656.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L"}]}