diff --git a/Audits.md b/Audits.md
index 3e4ae3a..d5401d7 100644
--- a/Audits.md
+++ b/Audits.md
@@ -22,3 +22,10 @@ They even have a more detailed ZIP file with all raw information located here: h
 As a reference you can download the report here:
  - [Original - German - Vaultwarden-Passwortmanager.pdf](https://github.com/user-attachments/files/17805671/Vaultwarden-Passwortmanager.pdf)
  - [Translated - English - Vaultwarden-Passwortmanager.en.pdf](https://github.com/user-attachments/files/17805672/Vaultwarden-Passwortmanager.en.pdf)
+
+## Penetration Test by ERNW Enno Rey Netzwerke GmbH
+
+[ERNW Enno Rey Netzwerke GmbH](https://ernw.de) assessed Vaultwarden during a penetration test for a customer in October 2024. In June 2024, the German Federal Office for Information Security (BSI) published results of a static and dynamic test of the Vaultwarden server component. Therefore, only a partial source code audit was performed during the assessment which also focussed on other software and infrastructure. ERNW identified 3 vulnerabilities, including an authentication bypass, that were responsibly disclosed to Vaultwarden. A writeup of the vulnerabilities is described in ERNW's blog Insinuator: 
+
+- https://insinuator.net/2024/11/vulnerability-disclosure-authentication-bypass-in-vaultwarden-versions-1-32-5/
+