HashiCorp Vault and Vault Enterprise AWS Auth Method Authentication Bypass Vulnerability

Vulnerability

An authentication bypass vulnerability has been identified in the AWS Auth method of HashiCorp Vault and Vault Enterprise. The issue arises when the role named in the configured bound_principal_iam binding is identical across AWS accounts or uses a wildcard, allowing an attacker to authenticate from a different AWS account. The vulnerability affects Vault Community Edition versions 0.6.0 prior to 1.20.4 and Vault Enterprise versions 0.6.0 prior to 1.20.4, 1.19.10, 1.18.15, and 1.16.26.

Impact

Exploitation of this vulnerability can lead to unauthorized authentication, allowing access to sensitive data and potential privilege escalation.

Remediation

Users of Vault should consider upgrading to Vault Community Edition 1.21.0 or Vault Enterprise 1.21.0, 1.20.5, 1.19.11, or 1.16.27. General guidance on the upgrading process is available in Vault's Upgrading documentation.
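As an added defender-side example (not HashiCorp's code), the check below audits a set of AWS auth role configurations for the wildcard condition described above. It assumes role entries keyed by Vault's bound_iam_principal_arn parameter (the binding the advisory refers to as bound_principal_iam) and uses constructed sample data rather than a live Vault.

```python
import re
from dataclasses import dataclass

# IAM principal ARN shape: arn:<partition>:iam::<account-id>:<type>/<name>
ARN_RE = re.compile(r"^arn:[^:]+:iam::(?P<account>[^:]*):(?P<principal>.*)$")


@dataclass
class Finding:
    role: str
    arn: str
    reason: str


def audit_binding(role: str, arn: str) -> list[Finding]:
    """Flag a bound principal ARN that does not pin one account and one principal."""
    findings = []
    m = ARN_RE.match(arn)
    if not m:
        return [Finding(role, arn, "unparseable bound principal ARN")]
    account, principal = m.group("account"), m.group("principal")
    # AWS account IDs are exactly 12 digits; anything else (e.g. '*') is not pinned
    if not (account.isdigit() and len(account) == 12):
        findings.append(Finding(role, arn, "account id is not a single 12-digit account"))
    if "*" in principal:
        findings.append(Finding(role, arn, "wildcard in principal type/path/name"))
    return findings


def audit_roles(roles: dict[str, dict]) -> list[Finding]:
    """Audit every AWS auth role; bound_iam_principal_arn may be a string or a list."""
    findings = []
    for name, cfg in roles.items():
        bound = cfg.get("bound_iam_principal_arn") or []
        if isinstance(bound, str):
            bound = [bound]
        if not bound:
            findings.append(Finding(name, "", "no bound principal configured"))
        for arn in bound:
            findings.extend(audit_binding(name, arn))
    return findings


# Constructed sample role configs (hypothetical, not from any real deployment)
SAMPLE_ROLES = {
    "prod-app": {"bound_iam_principal_arn": "arn:aws:iam::123456789012:role/prod-app"},
    "ci": {"bound_iam_principal_arn": ["arn:aws:iam::*:role/ci-runner"]},
    "legacy": {"bound_iam_principal_arn": "arn:aws:iam::123456789012:role/*"},
}

if __name__ == "__main__":
    for f in audit_roles(SAMPLE_ROLES):
        print(f"{f.role}: {f.arn or '<none>'}: {f.reason}")
```

Identical role names across accounts are a property of the AWS estate rather than of Vault's configuration, so this only surfaces the wildcard case; upgrading remains the fix.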

Added: Oct 23, 2025, 7:35 PM
Updated: Oct 23, 2025, 7:35 PM

Vulnerability Rating

Custom Algorithm
spread: 7.3
impact: 5.0
exploitability: 5.2
remediation: 7.7
relevance: 0.8
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.