HashiCorp Vault flaws, tracked as CVE-2025-12044 and CVE-2025-11621, pose denial-of-service and authentication bypass threats.
HashiCorp Vault Flaws Expose AWS Auth, Trigger DoS Risk

HashiCorp has released critical patches for two high-severity vulnerabilities affecting its Vault identity-based security platform. The newly disclosed HashiCorp Vault flaws expose deployments to risks including unauthorized AWS authentication bypasses and denial-of-service attacks via unauthenticated JSON payloads. The company is urging users to apply updates immediately to mitigate potential threats.

The flaws are tracked under several CVEs, including CVE-2025-12044 and CVE-2025-11621. One of the issues allows attackers to bypass AWS authentication mechanisms, potentially enabling cross-account access. Another flaw enables threat actors to crash Vault servers by sending malformed JSON requests without authentication. These vulnerabilities, disclosed on October 27, 2025, have elevated the urgency for security teams managing Vault instances.

The HashiCorp Vault flaws addressed in this update could disrupt operations and compromise sensitive workloads if left unpatched. Organizations are advised to review the security advisories and implement the updates across affected systems.

Read the full article here: https://securityonline.info/hashicorp-patches-vault-flaws-aws-auth-bypass-and-unauthenticated-json-dos/
