← back
CVE-2025-49825

Teleport allows remote authentication bypass

CVSS 9.8 CRITICALEPSS 7.8%CWE-863
Vexday Risk Score
28Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 9.8EPSS 7.8%KEV nãoPoC Patch
Lifecycle
Jun 17, 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Teleport provides connectivity, authentication, access controls and audit for infrastructure. Community Edition versions before and including 17.5.1 are vulnerable to remote authentication bypass. At time of posting, there is no available open-source patch.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
gravitational · teleport

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/gravitational/teleport/security/advisories/GHSA-8cqv-pj7f-pwpc