VYPR
High severity · NVD Advisory · Published Oct 23, 2025 · Updated Feb 26, 2026

Vault AWS auth method bypass due to AWS client cache

CVE-2025-11621

Description

Vault and Vault Enterprise’s (“Vault”) AWS Auth method may be susceptible to authentication bypass if the role of the configured bound_principal_iam is the same across AWS accounts, or uses a wildcard. This vulnerability, CVE-2025-11621, is fixed in Vault Community Edition 1.21.0 and Vault Enterprise 1.21.0, 1.20.5, 1.19.11, and 1.16.27.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package | Affected versions | Patched versions
github.com/hashicorp/vault (Go) | >= 0.6.0, < 1.21.0 | 1.21.0
