CVE-2025-49825
Published: 2025-06-17
Priority: P276 · Severity: critical · CVSS 3.1 base score: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploit: EPSS 7.75% (93.9th percentile)
Teleport provides connectivity, authentication, access controls and audit for infrastructure. Community Edition versions before and including 17.5.1 are vulnerable to remote authentication bypass. At time of posting, there is no available open-source patch.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | gravitational_teleport | 0 – 0.0.0-20250616162021-79b2f26125a1 | — |
| github.com | gravitational_teleport | >= 0.0.11 < 12.4.35 | 12.4.35 |
| github.com | gravitational_teleport | >= 0.0.11 | — |
| github.com | gravitational_teleport | >= 13.0.0 < 13.4.27 | 13.4.27 |
| github.com | gravitational_teleport | >= 14.0.0 < 14.4.1 | 14.4.1 |
| github.com | gravitational_teleport | >= 15.0.0 < 15.5.3 | 15.5.3 |
| github.com | gravitational_teleport | >= 16.0.0 < 16.5.12 | 16.5.12 |
| github.com | gravitational_teleport | >= 17.0.0 < 17.5.2 | 17.5.2 |
| gravitational | teleport | <= 17.5.1 | — |
Detection & IOCs (extracted from sources)
- Probe GET /webapi/ping and extract the server_version JSON field; match if the response body contains both 'server_version' and 'teleport' and the version falls within a vulnerable range.
- Vulnerable version ranges: any 17.x before 17.5.2, 16.x before 16.5.12, 15.x before 15.5.3, 14.x before 14.4.1, 13.x before 13.4.27, and any 12.x before 12.4.35.
- Identify Teleport instances via Shodan/FOFA using favicon hashes 544208100, 1854879765, or -1275955539, or by the presence of a Set-Cookie header containing __Host-grv_csrf.
- Community Edition versions before and including 17.5.1 are confirmed vulnerable; no open-source patch was available at the time of NVD posting, so verify patch availability before relying on version checks alone.
- The Nuclei template's version-check DSL uses broad major-version equality matchers (e.g., '= 17.0.0') which may not accurately capture all patch levels; supplement with '< 12.4.35'-style comparisons for older branches.
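The version check described above, done per branch rather than with the broad major-version equality the Nuclei DSL caveat warns about, as an added example (not code from the advisory, the Nuclei project, or Teleport). It works on an already-captured /webapi/ping response body and sends nothing itself; the sample body and the field layout beyond server_version are constructed assumptions, and the fixed versions come from the affected table on this page.

```python
"""Classify a Teleport server_version against the CVE-2025-49825 fixed releases.

Added example for fleet inventory / patch verification; not part of the
advisory, the Nuclei template, or the Teleport project. The ping body below
is constructed, not captured from a real server.
"""
import json
import re
from typing import Optional, Tuple

# Earliest fixed release per major branch, taken from the affected table above.
FIXED_BY_MAJOR = {
    12: (12, 4, 35),
    13: (13, 4, 27),
    14: (14, 4, 1),
    15: (15, 5, 3),
    16: (16, 5, 12),
    17: (17, 5, 2),
}

# Accepts '17.5.1', 'v17.5.1' and pre-release forms like '16.4.0-dev';
# anything after the patch number is ignored for the comparison.
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)")

# Constructed sample body (assumption about field layout, not a real capture).
SAMPLE_PING = '{"server_version": "17.5.1", "min_client_version": "16.0.0"}'


def parse_version(text: str) -> Optional[Tuple[int, int, int]]:
    """Return (major, minor, patch) or None if the string is not a version."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        return None
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def classify(version: Tuple[int, int, int]) -> str:
    """Compare against the fixed release of the same major branch.

    Tuple comparison gives a real less-than on (major, minor, patch), so
    17.5.1 < 17.5.2 is 'vulnerable' while 17.5.10 is correctly 'fixed'; a
    '= 17.0.0'-style matcher cannot make that distinction.
    """
    major = version[0]
    if major in FIXED_BY_MAJOR:
        return "vulnerable" if version < FIXED_BY_MAJOR[major] else "fixed"
    if major < 12:
        # The table lists everything from 0.0.11 up to 12.4.35 as affected.
        return "vulnerable"
    # Majors newer than the advisory covers: report, do not guess.
    return "not_covered"


def assess_ping_response(body: str) -> dict:
    """Apply the detection logic to one captured /webapi/ping body."""
    try:
        data = json.loads(body)
    except json.JSONDecodeError:
        return {"status": "not_teleport", "reason": "body is not JSON"}
    if not isinstance(data, dict) or "server_version" not in data:
        return {"status": "not_teleport", "reason": "no server_version field"}
    raw = str(data["server_version"])
    version = parse_version(raw)
    if version is None:
        return {"status": "unknown", "server_version": raw,
                "reason": "unparseable version string"}
    return {"status": classify(version), "server_version": raw}


if __name__ == "__main__":
    print(assess_ping_response(SAMPLE_PING))
```

Because the open-source patch was not available at the time of posting, treat "vulnerable" from this check as "needs the vendor-released patch version", not as a statement that a fix is installable from source.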
OSV
Remote authentication bypass in github.com/gravitational/teleport
osv · 2025-07-28 · CVE-2025-49825
Remote authentication bypass in github.com/gravitational/teleport.
NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.
(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)
The additional affected modules and versions are: github.com/gravitational/teleport from v16.0.0 before v16.5.12; github.com/gravitational/teleport before v12.4.35, from v13.0.0 before v13.4.27, from v14.0.0 before v14.4.1, from v15.0.0 before v15.5.3, from v17.0.0 before v17.5.2.
GHSA
Teleport allows remote authentication bypass
ghsa · 2025-06-16 · CVE-2025-49825 · CRITICAL · CWE-863
### Impact
A full technical disclosure and open-source patch will be published after the embargo period, ending on June 30th, to allow all users to upgrade.
Teleport security engineers identified a critical security vulnerability that could allow remote authentication bypass of Teleport.
Teleport Cloud Infrastructure and CI/CD build, test, and release infrastructure aren’t affected.
For the full mitigation, upgrade both Proxy and Teleport agents. It is strongly recommended to update clients to the released patch versions as a precaution.
Have questions?
- OSS Community: [[email protected]](mailto:[email protected])
- Legal: [[email protected]](mailto:[email protected])
- Security: [[email protected]](mailto:secur
OSV
Teleport allows remote authentication bypass
osv · 2025-06-16 · CVE-2025-49825 · CRITICAL (mirrors the GHSA advisory above)
No detection rules found.
Nuclei
Teleport - Authentication Bypass
nuclei · CVSS 9.8 · CVE-2025-49825 · CRITICAL
Teleport versions prior to 17.5.2 are vulnerable to a remote authentication bypass vulnerability. This issue allows attackers to gain unauthorized access to affected systems.
Template:

```yaml
id: CVE-2025-49825

info:
  name: Teleport - Authentication Bypass
  author: pdteam
  severity: critical
  description: |
    Teleport versions prior to 17.5.2 are vulnerable to a remote authentication bypass vulnerability. This issue allows attackers to gain unauthorized access to affected systems.
  impact: |
    Attackers can bypass authentication mechanisms to gain unauthorized access to Teleport systems, potentially compromising protected infrastructure and sensitive resources.
  remediation: |
    Upgrade Teleport to version 17.5.2, 16.5.12, 15.5.3, 14.4.1, 13.4.27, or 12.4.35 depending on
```
Published: 2025-06-17