CVE-2025-11621 — Vulnetix

Try Vulnetix Request Demo

CVE-2025-11621 PUBLISHED

Vault and Vault Enterprise’s (“Vault”) AWS Auth method may be susceptible to authentication bypass if the role of the configured bound_principal_iam is the same across AWS accounts, or uses a wildcard. This vulnerability, CVE-2025-11621, is fixed in Vault Community Edition 1.21.0 and Vault Enterprise 1.21.0, 1.20.5, 1.19.11, and 1.16.27

EPSS 0.12% · 30.7th percentile

Risk Scores

EPSS Score

0.12%

30.7th percentile

Affected Products

Vendor	Product	Versions
Bitnami	vault	0.6.0
Bitnami	vault	0.6.0

Timeline

Oct 23, 2025 CVE Published
Oct 23, 2025 Coalition ESS Score
Oct 23, 2025 PoC Published
Oct 24, 2025 EPSS Score
Oct 25, 2025 Coalition ESS Score
Oct 25, 2025 PoC Published
Oct 27, 2025 Coalition ESS Score
Oct 27, 2025 PoC Published
Oct 28, 2025 PoC Published
Oct 29, 2025 EPSS Score
Oct 30, 2025 Coalition ESS Score
Nov 3, 2025 EPSS Score

References

Open in Interactive Console →