CVE-2025-49825

critical

Description

Teleport provides connectivity, authentication, access controls and audit for infrastructure. Community Edition versions before and including 17.5.1 are vulnerable to remote authentication bypass. At time of posting, there is no available open-source patch.

References

https://www.securityweek.com/critical-authentication-bypass-flaw-patched-in-teleport/

https://github.com/gravitational/teleport/security/advisories/GHSA-8cqv-pj7f-pwpc

Details

Source: Mitre, NVD

Published: 2025-06-17

Updated: 2025-06-18

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.00203