FKIE_CVE-2025-55299

Vulnerability from fkie_nvd - Published: 2025-08-18 18:15 - Updated: 2025-08-18 20:16
Severity ?
9.4 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
Summary
VaulTLS is a modern solution for managing mTLS (mutual TLS) certificates. Prior to 0.9.1, user accounts created through the User web UI have an empty but not NULL password set, attackers can use this to login with an empty password. This is combined with that fact, that previously disabling the password based login only effected the frontend, but still allowed login via the API. This vulnerability is fixed in 0.9.1.
References
security-advisories@github.comhttps://github.com/7ritn/VaulTLS/commit/6ac0a43a768f1753f6889ba43f914e773a4b45c0
security-advisories@github.comhttps://github.com/7ritn/VaulTLS/security/advisories/GHSA-pjfr-pj3h-cw8m
Impacted products
Vendor Product Version
To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "VaulTLS is a modern solution for managing mTLS (mutual TLS) certificates. Prior to 0.9.1, user accounts created through the User web UI have an empty but not NULL password set, attackers can use this to login with an empty password. This is combined with that fact, that previously disabling the password based login only effected the frontend, but still allowed login via the API. This vulnerability is fixed in 0.9.1."
    },
    {
      "lang": "es",
      "value": "VaulTLS es una soluci\u00f3n moderna para la gesti\u00f3n de certificados mTLS (TLS mutuo). Antes de la versi\u00f3n 0.9.1, las cuentas de usuario creadas a trav\u00e9s de la interfaz web de usuario ten\u00edan una contrase\u00f1a vac\u00eda, pero no nula. Los atacantes pod\u00edan usarla para iniciar sesi\u00f3n con una contrase\u00f1a vac\u00eda. Esto se suma a que, anteriormente, deshabilitar el inicio de sesi\u00f3n con contrase\u00f1a solo afectaba al frontend, pero permit\u00eda el inicio de sesi\u00f3n mediante la API. Esta vulnerabilidad se corrigi\u00f3 en la versi\u00f3n 0.9.1."
    }
  ],
  "id": "CVE-2025-55299",
  "lastModified": "2025-08-18T20:16:28.750",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 9.4,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.5,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-08-18T18:15:40.023",
  "references": [
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/7ritn/VaulTLS/commit/6ac0a43a768f1753f6889ba43f914e773a4b45c0"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/7ritn/VaulTLS/security/advisories/GHSA-pjfr-pj3h-cw8m"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-521"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.