cve-2025-54998
Vulnerability from cvelistv5
Published
2025-08-09 02:00
Modified
2025-08-11 14:38
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Summary
OpenBao Userpass and LDAP User Lockout Bypass
References
security-advisories@github.comhttps://discuss.hashicorp.com/t/hcsec-2025-16-vault-userpass-and-ldap-user-lockout-bypass/76035Not Applicable
security-advisories@github.comhttps://github.com/openbao/openbao/commit/c52795c1ef746c7f2c510f9225aa8ccbbd44f9fcPatch
security-advisories@github.comhttps://github.com/openbao/openbao/security/advisories/GHSA-j3xv-7fxp-gfhxVendor Advisory
Impacted products
openbaoopenbao
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-54998",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-11T14:38:13.223350Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-11T14:38:33.591Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "openbao",
          "vendor": "openbao",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 0.1.0, \u003c 2.3.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 0.1.0 through 2.3.1, attackers could bypass the automatic user lockout mechanisms in the OpenBao Userpass or LDAP auth systems. This was caused by different aliasing between pre-flight and full login request user entity alias attributions. This is fixed in version 2.3.2. To work around this issue, existing users may apply rate-limiting quotas on the authentication endpoints:, see https://openbao.org/api-docs/system/rate-limit-quotas/."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-307",
              "description": "CWE-307: Improper Restriction of Excessive Authentication Attempts",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-09T02:00:27.597Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/openbao/openbao/security/advisories/GHSA-j3xv-7fxp-gfhx",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/openbao/openbao/security/advisories/GHSA-j3xv-7fxp-gfhx"
        },
        {
          "name": "https://github.com/openbao/openbao/commit/c52795c1ef746c7f2c510f9225aa8ccbbd44f9fc",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/openbao/openbao/commit/c52795c1ef746c7f2c510f9225aa8ccbbd44f9fc"
        },
        {
          "name": "https://discuss.hashicorp.com/t/hcsec-2025-16-vault-userpass-and-ldap-user-lockout-bypass/76035",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://discuss.hashicorp.com/t/hcsec-2025-16-vault-userpass-and-ldap-user-lockout-bypass/76035"
        }
      ],
      "source": {
        "advisory": "GHSA-j3xv-7fxp-gfhx",
        "discovery": "UNKNOWN"
      },
      "title": "OpenBao Userpass and LDAP User Lockout Bypass"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-54998",
    "datePublished": "2025-08-09T02:00:27.597Z",
    "dateReserved": "2025-08-04T17:34:24.420Z",
    "dateUpdated": "2025-08-11T14:38:33.591Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-54998\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2025-08-09T03:15:46.463\",\"lastModified\":\"2025-08-12T20:50:55.900\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 0.1.0 through 2.3.1, attackers could bypass the automatic user lockout mechanisms in the OpenBao Userpass or LDAP auth systems. This was caused by different aliasing between pre-flight and full login request user entity alias attributions. This is fixed in version 2.3.2. To work around this issue, existing users may apply rate-limiting quotas on the authentication endpoints:, see https://openbao.org/api-docs/system/rate-limit-quotas/.\"},{\"lang\":\"es\",\"value\":\"OpenBao existe para proporcionar una soluci\u00f3n de software que permite gestionar, almacenar y distribuir datos confidenciales, como secretos, certificados y claves. En las versiones 0.1.0 a 2.3.1, los atacantes pod\u00edan eludir los mecanismos de bloqueo autom\u00e1tico de usuarios en los sistemas de autenticaci\u00f3n OpenBao Userpass o LDAP. Esto se deb\u00eda a una asignaci\u00f3n de alias diferente entre las atribuciones de alias de entidad de usuario de las solicitudes de inicio de sesi\u00f3n previas al vuelo y de inicio de sesi\u00f3n completo. Esto se solucion\u00f3 en la versi\u00f3n 2.3.2. Para solucionar este problema, los usuarios pueden aplicar cuotas de limitaci\u00f3n de velocidad en los endpoints de autenticaci\u00f3n (consulte https://openbao.org/api-docs/system/rate-limit-quotas/).\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-307\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openbao:openbao:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"0.1.0\",\"versionEndExcluding\":\"2.3.2\",\"matchCriteriaId\":\"ACF9965E-337F-45A7-92E4-5D36A7FC7C9A\"}]}]}],\"references\":[{\"url\":\"https://discuss.hashicorp.com/t/hcsec-2025-16-vault-userpass-and-ldap-user-lockout-bypass/76035\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Not Applicable\"]},{\"url\":\"https://github.com/openbao/openbao/commit/c52795c1ef746c7f2c510f9225aa8ccbbd44f9fc\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/openbao/openbao/security/advisories/GHSA-j3xv-7fxp-gfhx\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.