Vault and Vault Enterprise’s (“Vault”) AWS Auth method may be susceptible to authentication bypass if the role of the configured bound_principal_iam is the same across AWS accounts, or uses a wildcard. This vulnerability, CVE-2025-11621, is fixed in Vault Community Edition 1.21.0 and Vault Enterprise 1.21.0, 1.20.5, 1.19.11, and 1.16.27
The product requires authentication, but the product has an alternate path or channel that does not require authentication.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Red Hat Trusted Artifact Signer 1.3 | RedHat | rhtas/fulcio-rhel9:sha256:b19900ebbf9cac67196127a60ea2434a8ce2011b17bab15a0e7fc96cf38a63fa | * |
| Red Hat Trusted Artifact Signer 1.3 | RedHat | rhtas/rekor-cli-rhel9:sha256:3782ef36eac0a40b3b8d018476d0af7505d2a81f0ccb993644e8c5f20f1cd566 | * |
| Red Hat Trusted Artifact Signer 1.3 | RedHat | rhtas/rekor-server-rhel9:sha256:799b0b86f83f0fdf450ecbd2726419570b15f6ec5ba5b814750d45b8269e4dac | * |
| Red Hat Trusted Artifact Signer 1.3 | RedHat | rhtas/timestamp-authority-rhel9:sha256:7b3eb9108c50321278ccad2032b3fb365911df83084cca953dd068cdd51f7874 | * |
| Red Hat Trusted Artifact Signer 1.3 | RedHat | rhtas/client-server-rhel9:sha256:cddda466bc9957f1c3902da3a0cf37ef3ec08f4aeb8c50a421405540120b75cf | * |
| Red Hat Trusted Artifact Signer 1.3 | RedHat | rhtas/cosign-rhel9:sha256:a6f3dba2c7ec8cdf7a87a2e8679da66c2248b44c7e15611205f096a6c1629f88 | * |
| Red Hat Trusted Artifact Signer 1.3 | RedHat | rhtas/gitsign-rhel9:sha256:882d508ec7d71fb3e13ee240ee295ee91884700d63029bb58bd456b6d23fd5e0 | * |
| Red Hat Trusted Artifact Signer 1.3 | RedHat | rhtas/policy-controller-rhel9:sha256:7172d6a08594cccd155c2f74110cfbafadb812af84bb6b75c8bec1e3c416bd26 | * |