#VU113695 Improper authentication in Vault and Vault Enterprise - CVE-2025-6013

 


Published: August 6, 2025


Vulnerability identifier: #VU113695
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2025-6013
CWE-ID: CWE-287
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
Vault
Vault Enterprise
Software vendor:
HashiCorp

Description

The vulnerability allows a remote attacker to bypass MFA authentication.

The vulnerability exists because the LDAP authentication method does not correctly enforce MFA when "username_as_alias" is set to true and a user has multiple CNs that are equal except for leading or trailing spaces. LDAP usernames containing additional whitespace may be valid and result in a successful authentication from the LDAP backend after normalization.

When setting the alias name on successful login, the LDAP auth method would set the entity alias name to the value provided by the user rather than using the normalized user DN information returned by the LDAP directory.

Because strings containing additional spaces were normalized inconsistently, distinct entity alias names (and potentially duplicate entity alias IDs) could be created for the same directory user, which caused MFA enforcement not to be respected in some configurations.
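The alias-derivation defect described above, as an added example that is not Vault's own code: a constructed in-memory "directory" that trims whitespace on bind stands in for LDAP, and the two alias functions contrast deriving the alias from the raw user-supplied name with deriving it from the DN the directory returned. The directory entries and function names are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed stand-in for an LDAP directory: canonical username -> DN.
// Like the directory in the advisory, a bind succeeds even when the supplied
// username carries leading or trailing spaces, because it is trimmed first.
var directory = map[string]string{
	"alice": "cn=alice,ou=people,dc=example,dc=com",
}

// BindUser simulates a successful LDAP bind and returns the entry's DN.
func BindUser(username string) (string, bool) {
	dn, ok := directory[strings.TrimSpace(username)]
	return dn, ok
}

// VulnerableAlias models the defect: the entity alias name is the raw value
// the user supplied, so "alice" and "alice " become two different aliases
// (and therefore potentially two entities) for one directory entry.
func VulnerableAlias(username string) (string, bool) {
	if _, ok := BindUser(username); !ok {
		return "", false
	}
	return username, true
}

// FixedAlias derives the alias from the DN returned by the directory, so
// every spelling of the same user resolves to exactly one alias.
func FixedAlias(username string) (string, bool) {
	dn, ok := BindUser(username)
	if !ok {
		return "", false
	}
	return dn, true
}

func main() {
	for _, u := range []string{"alice", "alice "} {
		v, _ := VulnerableAlias(u)
		f, _ := FixedAlias(u)
		fmt.Printf("input %q -> vulnerable alias %q, fixed alias %q\n", u, v, f)
	}
}
```

An MFA enforcement rule keyed to the alias "alice" covers only one of the two vulnerable aliases, while the fixed derivation gives the rule a single stable name to match.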


Remediation

Install updates from the vendor's website.

External links