Vault’s Azure Authentication Method bound_location Restriction Could be Bypassed on Login
Summary Vault Community, Vault Enterprise “Vault” Azure Auth method did not correctly validate the claims in the Azure-issued token, resulting in the potential bypass of the boundlocations parameter on login. This vulnerability, identified as CVE-2025-3879, is fixed in Vault Community Edition...