=====================================================================

                            CERT-Renater

                Note d'Information No. 2025/VULN567
_____________________________________________________________________

DATE                : 02/09/2025

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Vault Community Edition versions
                                 prior to 1.20.3,
                   Vault Enterprise versions prior to 1.20.3, 1.19.9,
                                 1.18.14, 1.16.25.

=====================================================================
https://discuss.hashicorp.com/t/hcsec-2025-24-vault-denial-of-service-though-complex-json-payloads/76393
_____________________________________________________________________

HCSEC-2025-24 - Vault Denial of Service Through Complex JSON Payloads


Bulletin ID: HCSEC-2025-24

Affected Products / Versions: Vault Community and Vault Enterprise
1.15.0 up to 1.20.2, 1.19.8, 1.18.13, and 1.16.24; fixed in Vault
1.20.3, 1.19.9, 1.18.14, 1.16.25

Publication Date: August 28, 2025

Summary

A malicious user may submit a specially crafted, complex payload that
stays within the default request size limit yet causes excessive
memory and CPU consumption in Vault. This may lead to a timeout in
Vault's auditing subroutine, potentially causing the Vault server to
become unresponsive. This vulnerability, CVE-2025-6203, is fixed in
Vault Community Edition 1.20.3 and Vault Enterprise 1.20.3, 1.19.9,
1.18.14, and 1.16.25.


Background

Vault's audit devices keep a detailed log of every interaction with
Vault, and a request does not complete until the audit operation has
completed.

Vault enforces a max_request_size (32MiB by default) which can be
further configured by operators.


Details

In addition to max_request_size, Vault now enforces limits on the
structure of JSON request payloads and provides new listener options
to configure them: max_json_depth, max_json_string_value_length,
max_json_object_entry_count, and max_json_array_element_count.
More information about these listener configuration options can be
found in the API documentation and upgrade guide.
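The Go function below is an added example, not code from HashiCorp or
Vault, showing the kind of streaming check that the four listener
options above describe: it rejects a payload for nesting depth, string
length, object entry count or array element count while the JSON is
still being tokenized, before any in-memory tree is built. The Limits
struct, the function name and the numeric limits in main() are all
constructed for this example and are not Vault's defaults.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"strings"
)

// Limits carries the four listener options named in the advisory.
type Limits struct{ MaxDepth, MaxStringLen, MaxObjectEntries, MaxArrayElements int }
var ErrLimitExceeded = fmt.Errorf("json payload exceeds configured limit")

// CheckJSONLimits scans token by token rather than building a tree, so the check's own memory use tracks nesting depth, not payload size.
func CheckJSONLimits(payload string, lim Limits) error {
	type frame struct{ obj bool; slots int } // slots: keys+values seen; objects use 2 per entry
	var stack []frame
	dec := json.NewDecoder(strings.NewReader(payload))
	for {
		tok, err := dec.Token()
		if err == io.EOF && len(stack) == 0 {
			return nil // complete, well-formed and within every limit
		} else if err != nil {
			return err // malformed or truncated JSON is rejected
		}
		if d, ok := tok.(json.Delim); ok && (d == '}' || d == ']') {
			stack = stack[:len(stack)-1]
			continue
		}
		if n := len(stack); n > 0 { // charge this token to its enclosing container
			stack[n-1].slots++
			if s := stack[n-1]; s.obj && (s.slots+1)/2 > lim.MaxObjectEntries {
				return fmt.Errorf("%w: object entries > %d", ErrLimitExceeded, lim.MaxObjectEntries)
			} else if !s.obj && s.slots > lim.MaxArrayElements {
				return fmt.Errorf("%w: array elements > %d", ErrLimitExceeded, lim.MaxArrayElements)
			}
		}
		switch v := tok.(type) {
		case json.Delim: // '{' or '[' opens one more nesting level
			if stack = append(stack, frame{obj: v == '{'}); len(stack) > lim.MaxDepth {
				return fmt.Errorf("%w: depth > %d", ErrLimitExceeded, lim.MaxDepth)
			}
		case string:
			if len(v) > lim.MaxStringLen {
				return fmt.Errorf("%w: string length > %d", ErrLimitExceeded, lim.MaxStringLen)
			}
		}
	}
}

func main() { fmt.Println(CheckJSONLimits(`{"a":[[[1]]]}`, Limits{3, 8, 2, 3})) } // constructed demo limits, not Vault's defaults
```

Because the decoder returns io.EOF even when containers are still open, the function only accepts an EOF reached with an empty stack; a truncated body is reported as an error rather than silently passed.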


Remediation

Customers should evaluate the risk associated with these issues
and consider upgrading to Vault Community Edition 1.20.3 or Vault
Enterprise 1.20.3, 1.19.9, 1.18.14, and 1.16.25. Please refer to
Upgrading Vault for general guidance.


Acknowledgement

This issue was identified by Darrell Bethea, Ph.D. of Indeed
who reported it to HashiCorp.

We deeply appreciate any effort to coordinate disclosure of
security vulnerabilities. For information about security at
HashiCorp and the reporting of security vulnerabilities,
please see https://hashicorp.com/security.


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================
