CVE-2025-6203: 
HashiCorp Vault vulnerability analysis and mitigation

A denial of service vulnerability (CVE-2025-6203) was discovered in HashiCorp's Vault secret storage project. The vulnerability was disclosed on August 28, 2025, and affects multiple versions of Vault Community Edition and Enterprise Edition. The issue has been fixed in Vault Community Edition 1.20.3 and Vault Enterprise versions 1.20.3, 1.19.9, 1.18.14, and 1.16.25 (HashiCorp Discussion).

The vulnerability is classified as CWE-770 (Allocation of Resources Without Limits or Throttling). It has received a CVSS v3.1 base score of 7.5 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, indicating network accessibility, low attack complexity, and no required privileges or user interaction (NVD).

When exploited, the vulnerability can lead to excessive memory and CPU consumption of Vault, potentially causing a timeout in Vault's auditing subroutine. This can result in the Vault server becoming unresponsive, effectively creating a denial of service condition (HashiCorp Discussion).

The primary mitigation is to upgrade to the fixed versions: Vault Community Edition 1.20.3 or Vault Enterprise versions 1.20.3, 1.19.9, 1.18.14, or 1.16.25. According to Red Hat's assessment, alternative mitigation options either are not available or do not meet their Product Security criteria for ease of use, deployment, and stability (Red Hat Security).