CVE-2025-11149
authentication bypass vulnerability in node-static (npm)
What is CVE-2025-11149 About?
This vulnerability is an authentication bypass affecting HashiCorp Vault and Vault Enterprise versions 0.8.3 and newer, specifically when configured with the GCP GCE auth method. It allows an attacker to bypass legitimate authentication mechanisms. Successful exploitation enables unauthorized access to Vault resources, making it a critical threat if the specific authentication method is in use.
Affected Software
Technical Details
The vulnerability exists in HashiCorp Vault and Vault Enterprise when the GCP GCE (Google Cloud Platform Google Compute Engine) authentication method is activated. While the exact technical mechanism for the bypass is not fully detailed in the description, an 'authentication bypass' implies that the security controls designed to verify a user's identity are flawed or can be circumvented. This could involve issues such as incorrect validation of GCE instance metadata, improper handling of service account credentials, or a logical flaw in the authentication flow that allows an attacker to present forged or manipulated credentials which are then accepted by Vault as legitimate. This grants unauthorized access by skipping the intended verification process.
What is the Impact of CVE-2025-11149?
Successful exploitation may allow attackers to gain unauthorized access to critical Vault resources, impersonate legitimate users, access sensitive data, and potentially escalate privileges within the Vault environment.
What is the Exploitability of CVE-2025-11149?
Exploitation of this vulnerability requires that HashiCorp Vault be configured with the GCP GCE auth method. The complexity of exploitation is not explicitly stated; for authentication bypasses in general, it can range from moderate to high, depending on the specifics of the flaw. An attacker would likely need remote access to the Vault instance or network access to interact with its authentication endpoint. The vulnerability suggests bypassing authentication entirely, so no prior authentication or specific privilege level is needed for the initial bypass. The risk is higher if Vault instances are publicly exposed and use the vulnerable GCP GCE authentication method.
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| No known exploits | | |
What are the Available Fixes for CVE-2025-11149?
Available Upgrade Options
- No fixes available
Additional Resources
- https://github.com/cloudhead/node-static/commit/78879dc665f0f7137063794b6e0b6203a81c7f67
- https://security.snyk.io/vuln/SNYK-JS-NUBOSOFTWARENODESTATIC-3330728
- https://security.snyk.io/vuln/SNYK-JS-NODESTATIC-1297183
- https://nvd.nist.gov/vuln/detail/CVE-2025-11149
- https://github.com/github/advisory-database/pull/6248
- https://osv.dev/vulnerability/GHSA-27w5-gj5q-82fv
- https://github.com/cloudhead/node-static
What are Similar Vulnerabilities to CVE-2025-11149?
Similar Vulnerabilities: CVE-2023-46738, CVE-2023-46800, CVE-2022-38699, CVE-2021-22927, CVE-2020-15967
