{"id":"GO-2025-3856","summary":"OpenBao Login MFA Bypass of Rate Limiting and TOTP Token Reuse in github.com/openbao/openbao","details":"OpenBao Login MFA Bypass of Rate Limiting and TOTP Token Reuse in github.com/openbao/openbao.\n\nNOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.\n\n(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)\n\nThe additional affected modules and versions are: github.com/openbao/openbao before v2.3.2.","aliases":["CVE-2025-55003","GHSA-rxp7-9q75-vj3p"],"modified":"2025-08-11T18:42:13.877398Z","published":"2025-08-11T17:59:12Z","database_specific":{"review_status":"UNREVIEWED","url":"https://pkg.go.dev/vuln/GO-2025-3856"},"references":[{"type":"ADVISORY","url":"https://github.com/openbao/openbao/security/advisories/GHSA-rxp7-9q75-vj3p"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-55003"},{"type":"FIX","url":"https://github.com/openbao/openbao/commit/8340a6918f6c41d8f75b6c3845c376d9dc32ed19"},{"type":"WEB","url":"https://discuss.hashicorp.com/t/hcsec-2025-19-vault-login-mfa-bypass-of-rate-limiting-and-totp-token-reuse/76038"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-6015"}],"affected":[{"package":{"name":"github.com/openbao/openbao","ecosystem":"Go","purl":"pkg:golang/github.com/openbao/openbao"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"0.0.0-20250807113757-8340a6918f6c"},{"introduced":"0.1.0"}]}],"ecosystem_specific":{"custom_ranges":[{"events":[{"introduced":"0"},{"fixed":"2.3.2"}],"type":"ECOSYSTEM"}]},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2025-3856.json"}}],"schema_version":"1.7.3"}