# Nuclei template: reports Teleport web endpoints whose self-reported version
# falls in a range this template treats as affected by CVE-2025-49825.
# Detection is version-based only: a single GET to /webapi/ping with no
# credentials or extra headers. A match means "reported version is in range",
# not "confirmed vulnerable".
id: CVE-2025-49825

info:
  name: Teleport - Authentication Bypass
  author: pdteam
  severity: critical
  # NOTE(review): "prior to 17.5.2" is shorthand. The matcher below applies the
  # per-branch fixed versions listed under remediation.
  description: |
    Teleport versions prior to 17.5.2 are vulnerable to a remote authentication bypass vulnerability. This issue allows attackers to gain unauthorized access to affected systems.
  impact: |
    Attackers can bypass authentication mechanisms to gain unauthorized access to Teleport systems, potentially compromising protected infrastructure and sensitive resources.
  remediation: |
    Upgrade Teleport to version 17.5.2, 16.5.12, 15.5.3, 14.4.1, 13.4.27, or 12.4.35 depending on your version branch.
  classification:
    cve-id: CVE-2025-49825
    epss-score: 0.07754
    epss-percentile: 0.93858
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
  reference:
    - https://github.com/gravitational/teleport/security/advisories/GHSA-8cqv-pj7f-pwpc
  metadata:
    verified: true
    # Matches the single request defined under http: below.
    max-request: 1
    # Search-engine fingerprints (favicon hashes and the CSRF cookie name).
    # They are descriptive metadata; the request below does not evaluate them.
    shodan-query:
      - http.favicon.hash:544208100
      - http.favicon.hash:1854879765
      - http.favicon.hash:-1275955539
      - "Set-Cookie: __Host-grv_csrf"
    fofa-query:
      - icon_hash="544208100"
      - icon_hash="1854879765"
      - icon_hash="-1275955539"
      - "Set-Cookie: __Host-grv_csrf"
  tags: cve,cve2025,teleport,passive,auth-bypass,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/webapi/ping"

    extractors:
      # Internal extractor: stores .server_version as `version` for the
      # version_check matcher and is not printed in results.
      - type: json
        name: version
        json:
          - .server_version
        internal: true

      # Reported extractor: emits the version as a readable string so the
      # finding shows which release was observed.
      - type: json
        json:
          - '"Teleport Version: "+ .server_version'

    # Both matchers must succeed for the template to report a finding.
    matchers-condition: and
    matchers:
      # One expression per release branch: below that branch's fixed version
      # and at or above its x.0.0. Any single expression matching is enough
      # (condition: or). The last expression has no lower bound, so every
      # version older than 12.4.35 is treated as affected.
      # NOTE(review): this trusts the version string the server reports. A build
      # that carries the fix without a version bump would still match, so
      # confirm findings against the advisory.
      - type: dsl
        name: version_check
        dsl:
          - compare_versions(version, '< 17.5.2', '>= 17.0.0')
          - compare_versions(version, '< 16.5.12', '>= 16.0.0')
          - compare_versions(version, '< 15.5.3', '>= 15.0.0')
          - compare_versions(version, '< 14.4.1', '>= 14.0.0')
          - compare_versions(version, '< 13.4.27', '>= 13.0.0')
          - compare_versions(version, '< 12.4.35')
        condition: or

      # Requires both literal strings in the response body; presumably this
      # avoids matching unrelated services that expose a version field.
      - type: dsl
        dsl:
          - contains_all(body, "server_version", "teleport")
# NOTE(review): the digest signs the template content. Edits, including added
# comments or layout changes, presumably invalidate it; re-sign (nuclei -sign)
# before relying on signature verification.
# digest: 4a0a004730450220662f0706a45e2f24ecdde91c3ba6083567458818a6c135140f9aab9e96e42f1f022100982fe14eda8e4ed83851a8e624335c6a0d250bafe731102a0b2a2484f91c51c2:922c64590222798bb761d5b6d8e72950