CVE-2025-11621
PUBLISHED
Vault and Vault Enterprise’s (“Vault”) AWS Auth method may be susceptible to authentication bypass if the role of the configured bound_principal_iam is the same across AWS accounts, or uses a wildcard. This vulnerability, CVE-2025-11621, is fixed in Vault Community Edition 1.21.0 and Vault Enterprise 1.21.0, 1.20.5, 1.19.11, and 1.16.27.
Risk Scores
EPSS Score: 0.08% (23.0th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | vault | 0.6.0 |
Exploit Intelligence
- CIRCL seen: CVE-2025-11621 (circl-sighting)
- https://discuss.hashicorp.com/t/hcsec-2025-30-vault-aws-auth-method-authentication-bypass-through-mishandling-of-cache-entries/76709 (circl)
- image.yaml (github-poc)
…and 5 more exploits
Timeline
- Oct 23, 2025 CVE Published
- Oct 23, 2025 Coalition ESS Score
- Oct 23, 2025 PoC Published
- Oct 24, 2025 EPSS Score
- Oct 25, 2025 Coalition ESS Score
- Oct 25, 2025 PoC Published
- Oct 27, 2025 Coalition ESS Score
- Oct 27, 2025 PoC Published
- Oct 28, 2025 PoC Published
- Oct 30, 2025 EPSS Score
- Oct 30, 2025 Coalition ESS Score
- Nov 5, 2025 EPSS Score