GHSA-vq4h-9ghm-qmrr

GitHub Security Advisory

HashiCorp Vault's implementation of Shamir's secret sharing vulnerable to cache-timing attacks

✓ GitHub Reviewed | Severity: MODERATE | Has CVE

Advisory Details

HashiCorp Vault's implementation of Shamir's secret sharing used precomputed table lookups and was vulnerable to cache-timing attacks. An attacker with access to the host, and the ability to observe a large number of unseal operations on it through a side channel, may reduce the search space of a brute-force effort to recover the Shamir shares. Fixed in Vault 1.13.1, 1.12.5, and 1.11.9.
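The difference between a table-lookup and a constant-time GF(2^8) multiplication, the operation at the core of Shamir share arithmetic, is shown in this added example (not Vault's code). The reduction polynomial 0x11B, generator 3, and all function names are assumptions chosen for illustration.

```go
package main

import "fmt"

// Assumption: GF(2^8) reduced by x^8+x^4+x^3+x+1 (0x11B), generator 3.
const reduce = 0x1B

var expTable [255]byte
var logTable [256]byte

func init() { // precompute log/exp tables for the lookup variant
	x := byte(1)
	for i := 0; i < 255; i++ {
		expTable[i] = x
		logTable[x] = byte(i)
		x = mulConstTime(x, 3)
	}
}

// mulTable is the lookup pattern: the branch and the table indices depend
// on the secret operands, so the cache lines touched depend on share bytes.
func mulTable(a, b byte) byte {
	if a == 0 || b == 0 {
		return 0
	}
	return expTable[(int(logTable[a])+int(logTable[b]))%255]
}

// mulConstTime always runs 8 rounds and uses masks instead of
// secret-dependent branches or memory indices.
func mulConstTime(a, b byte) byte {
	var p byte
	for i := 0; i < 8; i++ {
		p ^= a & -(b & 1)  // add a when the low bit of b is set
		carry := -(a >> 7) // 0xFF when a overflows on the next shift
		a = (a << 1) ^ (reduce & carry)
		b >>= 1
	}
	return p
}

// countMismatches checks that both variants agree on all 65536 input pairs.
func countMismatches() (n int) {
	for a := 0; a < 256; a++ {
		for b := 0; b < 256; b++ {
			if mulTable(byte(a), byte(b)) != mulConstTime(byte(a), byte(b)) {
				n++
			}
		}
	}
	return n
}

func main() { fmt.Println("mismatches:", countMismatches()) }
```

Both functions compute the same product; only the memory-access and branch pattern differs, which is the property a cache-timing observer relies on.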

Affected Packages

Go github.com/hashicorp/vault
Affected versions: 0 (fixed in 1.11.9)
Go github.com/hashicorp/vault
Affected versions: 1.12.0 (fixed in 1.12.5)
Go github.com/hashicorp/vault
Affected versions: 1.13.0 (fixed in 1.13.1)

Related CVEs

Key Information

GHSA ID: GHSA-vq4h-9ghm-qmrr
Published: March 30, 2023 3:30 AM
Last Modified: April 7, 2023 7:23 PM
CVSS Score: 5.0 / 10
Primary Ecosystem: Go
Primary Package: github.com/hashicorp/vault
GitHub Reviewed: ✓ Yes

Dataset

Last updated: November 25, 2025 6:29 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.