CVE-2025-55001

CVE-2025-55001

Name

CVE-2025-55001

Description

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 2.3.1 and below, OpenBao allowed the assignment of policies and MFA attribution based upon entity aliases, chosen by the underlying auth method. When the username_as_alias=true parameter in the LDAP auth method was in use, the caller-supplied username was used verbatim without normalization, allowing an attacker to bypass alias-specific MFA requirements. This issue was fixed in version 2.3.2. To work around this, remove all usage of the username_as_alias=true parameter and update any entity aliases accordingly.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
MISC	https://discuss.hashicorp.com/t/hcsec-2025-20-vault-ldap-mfa-enforcement-bypass-when-using-username-as-alias/76092
MISC	https://github.com/openbao/openbao/commit/c52795c1ef746c7f2c510f9225aa8ccbbd44f9fc
CONFIRM	https://github.com/openbao/openbao/security/advisories/GHSA-2q8q-8fgw-9p6p

Type

URI

MISC

https://discuss.hashicorp.com/t/hcsec-2025-20-vault-ldap-mfa-enforcement-bypass-when-using-username-as-alias/76092

MISC

https://github.com/openbao/openbao/commit/c52795c1ef746c7f2c510f9225aa8ccbbd44f9fc

CONFIRM

https://github.com/openbao/openbao/security/advisories/GHSA-2q8q-8fgw-9p6p

CPE URI	Source package	Min version	Max version
	openbao	>= 0	< 2.3.2

CPE URI

Source package

Min version

Max version

openbao

>= 0

< 2.3.2

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
openbao	edge-community	2.3.1-r1	Kevin Daudt <kdaudt@alpinelinux.org>	possibly vulnerable
openbao	edge-community	2.3.1-r0	Kevin Daudt <kdaudt@alpinelinux.org>	possibly vulnerable
openbao	edge-community	2.2.2-r1	Kevin Daudt <kdaudt@alpinelinux.org>	possibly vulnerable
openbao	edge-community	2.2.2-r0	Kevin Daudt <kdaudt@alpinelinux.org>	possibly vulnerable
openbao	edge-community	2.2.1-r1	Kevin Daudt <kdaudt@alpinelinux.org>	possibly vulnerable
openbao	edge-community	2.2.1-r0	Kevin Daudt <kdaudt@alpinelinux.org>	possibly vulnerable
openbao	edge-community	2.2.0-r2	Kevin Daudt <kdaudt@alpinelinux.org>	possibly vulnerable
openbao	edge-community	2.2.0-r1	Kevin Daudt <kdaudt@alpinelinux.org>	possibly vulnerable
openbao	edge-community	2.2.0-r0	Kevin Daudt <kdaudt@alpinelinux.org>	possibly vulnerable
openbao	edge-community	2.1.0-r2	Kevin Daudt <kdaudt@alpinelinux.org>	possibly vulnerable
openbao	edge-community	2.1.0-r1	Kevin Daudt <kdaudt@alpinelinux.org>	possibly vulnerable
openbao	edge-community	2.1.0-r0	Kevin Daudt <kdaudt@alpinelinux.org>	possibly vulnerable
openbao	3.22-community	2.3.1-r3	Kevin Daudt <kdaudt@alpinelinux.org>	possibly vulnerable
openbao	3.22-community	2.3.1-r2	Kevin Daudt <kdaudt@alpinelinux.org>	possibly vulnerable
openbao	3.22-community	2.3.1-r1	Kevin Daudt <kdaudt@alpinelinux.org>	possibly vulnerable
openbao	3.22-community	2.1.0-r5	Kevin Daudt <kdaudt@alpinelinux.org>	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

References

Match rules

Vulnerable and fixed packages