CVE-2025-11621

HIGH 8.1

Vault AWS auth method bypass due to AWS client cache

CVSS Score

8.1

EPSS Score

0.0%

EPSS Percentile

0th

Vault and Vault Enterprise’s (“Vault”) AWS Auth method may be susceptible to authentication bypass if the role of the configured bound_principal_iam is the same across AWS accounts, or uses a wildcard. This vulnerability, CVE-2025-11621, is fixed in Vault Community Edition 1.21.0 and Vault Enterprise 1.21.0, 1.20.5, 1.19.11, and 1.16.27

CWE	CWE-288
Vendor	hashicorp
Product	vault
Published	Oct 23, 2025
Last Updated	Feb 26, 2026

Stay Ahead of the Next One

Get instant alerts for hashicorp vault

Be the first to know when new high vulnerabilities affecting hashicorp vault are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

HashiCorp / Vault

0.6.0 < 1.21.0

HashiCorp / Vault Enterprise

0.6.0 < 1.21.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

discuss.hashicorp.com: https://discuss.hashicorp.com/t/hcsec-2025-30-vault-aws-auth-method-authentication-bypass-through-mishandling-of-cache-entries/76709