Security Advisory

CVE-2025-11621

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-10-23 19:08:54
Last updated 2026-02-26 16:57:11
Assigner HashiCorp
State PUBLISHED

Description

Vault and Vault Enterprise’s (“Vault”) AWS Auth method may be susceptible to authentication bypass if the role of the configured bound_principal_iam is the same across AWS accounts, or uses a wildcard. This vulnerability, CVE-2025-11621, is fixed in Vault Community Edition 1.21.0 and Vault Enterprise 1.21.0, 1.20.5, 1.19.11, and 1.16.27