CVE-2025-49825

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-49825

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-49825.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-49825

Aliases

Published

2025-06-17T21:43:18.288Z

Modified

2025-12-05T10:19:09.324736Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Teleport allows remote authentication bypass

Details

Teleport provides connectivity, authentication, access controls and audit for infrastructure. Community Edition versions before and including 17.5.1 are vulnerable to remote authentication bypass. At time of posting, there is no available open-source patch.

Database specific

{
    "cwe_ids": [
        "CWE-863"
    ],
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/49xxx/CVE-2025-49825.json"
}

References

Affected packages

Git / github.com/gravitational/teleport

Affected ranges

Type

GIT

Repo

https://github.com/gravitational/teleport

Events

Introduced

Last affected

e2b65d3e50614d1ce3106227d2a8c9b7559fd1e8

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "17.5.1"
        }
    ]
}

Affected versions

0.*

0.2.0-beta.7

0.2.1

0.2.2

0.2.3

1.*

1.0.1

1.0.2

2.*

2.1.0-alpha1

api/v14.*

api/v14.1.3-dev.logan.1

api/v14.1.3-dev.logan.2

api/v15.*

api/v15.0.0-dev.win-test-1

api/v16.*

api/v16.0.0-fred.12

api/v17.*

api/v17.0.0

api/v17.0.0-alpha.1

api/v17.0.0-alpha.2

api/v17.0.0-alpha.3

api/v17.0.0-alpha.4

api/v17.0.0-alpha.5

api/v17.0.0-beta.1

api/v17.0.0-beta.2

api/v17.0.0-dev.gusr.1

api/v17.0.0-rc.1

api/v17.0.0-rc.2

api/v17.0.0-rc.3

api/v17.0.1

api/v17.0.2

api/v17.0.3

api/v17.0.4

api/v17.0.5

api/v17.0.6

api/v17.1.0

api/v17.1.0-rc.1

api/v17.1.1

api/v17.1.2

api/v17.1.3

api/v17.1.4

api/v17.1.5

api/v17.1.6

api/v17.2.0

api/v17.2.1

api/v17.2.7

api/v17.2.8

api/v17.2.9

api/v17.3.0

api/v17.3.1

api/v17.3.2

api/v17.3.3

api/v17.3.4

api/v17.4.0

api/v17.4.1

api/v17.4.2

api/v17.4.3

api/v17.4.4

api/v17.4.5

api/v17.4.6

api/v17.4.7

api/v17.4.8

api/v17.5.0

api/v17.5.1

Other

pull

teleport-connect-preview-1.*

teleport-connect-preview-1.0.0.dev.1

v.*

v.2.5.0-beta.2

v0.*

v0.0.11

v0.1.0-alpha.0

v0.1.0-alpha.1

v0.1.0-alpha.10

v0.1.0-alpha.11

v0.1.0-alpha.12

v0.1.0-alpha.14

v0.1.0-alpha.15

v0.1.0-alpha.16

v0.1.0-alpha.17

v0.1.0-alpha.2

v0.1.0-alpha.3

v0.1.0-alpha.4

v0.1.0-alpha.5

v0.1.0-alpha.6

v0.1.0-alpha.7

v0.1.0-alpha.8

v0.1.0-alpha.9

v0.2.0-alpha.0

v0.2.0-beta.0

v0.2.0-beta.1

v0.2.0-beta.2

v0.2.0-beta.3

v0.2.0-beta.4

v0.2.0-beta.6

v0.2.0-beta.7

v1.*

v1.0.0

v1.0.3

v1.0.4

v1.0.5

v1.1.0

v1.2.0

v1.2.6

v1.3.0

v1.3.1

v1.3.2

v10.*

v10.0.0-dev.david.1

v11.*

v11.0.0-dev.mcbattirola

v11.0.0-dev.walt.1

v12.*

v12.0.0-dev.hatch.ami.1

v12.0.0-mcbattirola

v14.*

v14.1.3-dev.logan.1

v14.1.3-dev.logan.2

v15.*

v15.0.0-dev-cloud.1

v15.0.0-dev.win-test-1

v16.*

v16.0.0-fred.12

v17.*

v17.0.0

v17.0.0-alpha.1

v17.0.0-alpha.2

v17.0.0-alpha.3

v17.0.0-alpha.4

v17.0.0-alpha.5

v17.0.0-beta.1

v17.0.0-beta.2

v17.0.0-dev.gusr.1

v17.0.0-rc.1

v17.0.0-rc.2

v17.0.0-rc.3

v17.0.1

v17.0.2

v17.0.3

v17.0.4

v17.0.5

v17.0.6

v17.1.0

v17.1.0-rc.1

v17.1.1

v17.1.2

v17.1.3

v17.1.4

v17.1.5

v17.1.6

v17.2.0

v17.2.1

v17.2.7

v17.2.8

v17.2.9

v17.3.0

v17.3.1

v17.3.2

v17.3.3

v17.3.4

v17.4.0

v17.4.1

v17.4.2

v17.4.3

v17.4.4

v17.4.5

v17.4.6

v17.4.7

v17.4.8

v17.5.0

v17.5.1

v2.*

v2.0.0-alpha.0

v2.0.0-alpha.3

v2.0.0-alpha.4

v2.0.0-alpha.5

v2.0.0-alpha.6

v2.0.0-alpha.7

v2.0.0-alpha.8

v2.0.0-beta.1

v2.0.0-beta.2

v2.0.0-rc.1

v2.0.0-rc.2

v2.0.0-rc.3

v2.0.0-rc.4

v2.1.0-alpha.2

v2.1.0-alpha.3

v2.1.0-alpha.4

v2.1.0-alpha.5

v2.1.0-alpha.6

v2.2.0

v2.2.0-alpha.8

v2.2.0-alpha.9

v2.2.0-beta.1

v2.2.1

v2.2.2

v2.2.3

v2.3.0

v2.3.0-rc1

v2.3.0-rc2

v2.3.0-rc3

v2.4.0-rc.1

v2.5.0

v2.5.0-alpha.1

v2.5.0-alpha.2

v2.5.0-alpha.3

v2.5.0-alpha.4

v2.5.0-alpha.5

v2.5.0-alpha.6

v2.5.0-beta.1

v2.5.0-beta.2

v2.5.0-rc.1

v2.5.0-rc.2

v2.6.0

v2.6.0-alpha.0

v2.6.0-alpha.1

v2.6.0-alpha.2

v2.6.0-alpha.3

v2.6.0-alpha.4

v2.6.0-alpha.5

v2.6.0-alpha.6

v2.6.0-alpha.7

v2.6.0-alpha.8

v2.6.0-beta.1

v2.6.0-beta.2

v2.6.0-beta.3

v2.6.0-rc.1

v2.6.0-rc.2

v2.6.0-rc.3

v2.7.0-alpha.2

v2.7.0-alpha.3

v2.7.0-alpha.4

v2.7.0-alpha.5

v3.*

v3.0.0-alpha.4

v3.0.0-alpha.5

v3.0.0-alpha.6

v3.0.0-alpha.7

v3.0.0-alpha.9

v3.0.0-beta.1

v3.0.0-rc.1

v3.0.0-rc.2

v3.0.0-rc.3

v3.0.0-rc.4

v3.0.0-rc.5

v3.0.0-rc.6

v3.1.0-alpha.4

v3.2.0-alpha.1

v3.2.0-alpha.2

v4.*

v4.0.0-alpha.1

v4.0.0-beta.1

v4.0.0-rc.1

v4.0.0-rc.2

v4.0.0-rc.3

v4.0.0-rc.4

v4.1.0-alpha.2

v4.1.0-alpha.3

v4.1.0-alpha.4

v4.1.0-alpha.5

v4.1.0-beta.1

v4.1.0-beta.2

v4.1.0-beta.3

v4.2.0-alpha.1

v4.2.0-alpha.2

v4.2.0-alpha.3

v4.2.0-alpha.4

v4.2.0-alpha.5

v4.4.0-alpha.1

v6.*

v6.0.0-alpha.1

v6.0.0-alpha.2

v7.*

v7.0.0-beta.1

v8.*

v8.0.0-alpha.1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-49825.json"

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "0.0.0-20250616162021-79b2f26125a1"
            }
        ]
    }
]