CVE-2025-11621
Published 2025-10-23
Priority P3 · 53 · high · CVSS 3.1 base score 8.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
EPSS 0.49% (38.4th percentile)
Vault and Vault Enterprise's ("Vault") AWS Auth method may be susceptible to authentication bypass if the role of the configured bound_principal_iam is the same across AWS accounts, or uses a wildcard. This vulnerability, CVE-2025-11621, is fixed in Vault Community Edition 1.21.0 and Vault Enterprise 1.21.0, 1.20.5, 1.19.11, and 1.16.27.
Affected (7 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | hashicorp_vault | >= 0.6.0 < 1.21.0 | 1.21.0 |
| hashicorp | vault | >= 0.6.0 < 1.16.27 | 1.16.27 |
| hashicorp | vault | >= 0.6.0 < 1.21.0 | 1.21.0 |
| hashicorp | vault | 1.18.0 – 1.18.15 | — |
| hashicorp | vault | >= 1.19.0 < 1.19.11 | 1.19.11 |
| hashicorp | vault | >= 1.20.0 < 1.20.5 | 1.20.5 |
| hashicorp | vault_enterprise | >= 0.6.0 < 1.21.0 | 1.21.0 |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 8.1 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
| vendor_redhat | — | 8.1 | HIGH | — |
Red Hat
github.com/hashicorp/vault: Vault AWS auth method bypass due to AWS client cache
vendor_redhat · 2025-10-23 · CVSS 8.1 · HIGH · CWE-288
An authentication bypass flaw has been discovered in HashiCorp's Vault product. Vault's AWS Auth method may be susceptible to authentication bypass if the role of the configured bound_principal_iam is the same across AWS accounts, or uses a wildcard.
Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Produ
OSV
HashiCorp Vault and Vault Enterprise's AWS Auth method may be susceptible to authentication bypass in github.com/hashicorp/vault
osv · 2025-10-30
GHSA
HashiCorp Vault and Vault Enterprise's AWS Auth method may be susceptible to authentication bypass
ghsa · 2025-10-23 · HIGH · CWE-288
OSV
HashiCorp Vault and Vault Enterprise's AWS Auth method may be susceptible to authentication bypass
osv · 2025-10-23 · HIGH
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.