CVE-2015-0842
Published 2025-06-26
CVE-2015-0842: yubiserver before 0.6 is prone to SQL injection issues, potentially leading to an authentication bypass.
Priority P261 · critical 9.8 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 0.35% (26.7th percentile)
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | yubiserver | < yubiserver 0.6-1 (bookworm) | yubiserver 0.6-1 (bookworm) |
| debian | yubiserver | — | — |
| debian | yubiserver | — | — |
| yubiserver | yubiserver | < 0.6 | 0.6 |
| yubiserver | yubiserver | >= 0 < 0.6-1 | 0.6-1 |
| yubiserver | yubiserver | >= 0 < 0.6-1 | 0.6-1 |
| yubiserver | yubiserver | >= 0 < 0.6-1 | 0.6-1 |
Detection & IOCs (extracted from sources)
- Vulnerability only affects yubiserver versions before 0.6; fixed in version 0.6-1 across Debian bookworm, bullseye, and trixie.
CVSS provenance
nvd · v3.1 · 9.8 CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv · 9.8 CRITICAL
vendor_debian · 9.8 CRITICAL
GHSA
GHSA-94p4-xmcw-jjpr: yubiserver before 0
ghsa_unreviewed·2025-06-27
CVE-2015-0842 [CRITICAL] CWE-89 GHSA-94p4-xmcw-jjpr: yubiserver before 0
yubiserver before 0.6 is prone to SQL injection issues, potentially leading to an authentication bypass.
OSV
CVE-2015-0842: yubiserver before 0
osv·2025-06-26·CVSS 9.8
CVE-2015-0842 [CRITICAL] CVE-2015-0842: yubiserver before 0
yubiserver before 0.6 is prone to SQL injection issues, potentially leading to an authentication bypass.
Debian
CVE-2015-0842: yubiserver - yubiserver before 0.6 is prone to SQL injection issues, potentially leading to a...
vendor_debian·2015·CVSS 9.8
CVE-2015-0842 [CRITICAL] CVE-2015-0842: yubiserver - yubiserver before 0.6 is prone to SQL injection issues, potentially leading to a...
yubiserver before 0.6 is prone to SQL injection issues, potentially leading to an authentication bypass.
Scope: local
bookworm: resolved (fixed in 0.6-1)
bullseye: resolved (fixed in 0.6-1)
trixie: resolved (fixed in 0.6-1)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2025-06-26