CVE-2025-49825

Published Jun 17, 2025

Last updated 9 days ago

CVSS critical 9.8
SSH

Overview

Description
Teleport provides connectivity, authentication, access controls and audit for infrastructure. Community Edition versions before and including 17.5.1 are vulnerable to remote authentication bypass. At time of posting, there is no available open-source patch.
Source
security-advisories@github.com
NVD status
Deferred

Risk scores

CVSS 3.1

Type
Secondary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

security-advisories@github.com
CWE-863

Social media

Hype score
Not currently trending

  1. Exploiting CVE-2025-49825 (authentication bypass vulnerability in Teleport) https://t.co/4L5TC5yomA

    @_r_netsec

    31 Mar 2026

    431 Impressions

    2 Retweets

    1 Like

    2 Bookmarks

    0 Replies

    0 Quotes

  2. Descubre cómo explotar CVE-2025-49825 y mejorar tu seguridad. Más info aquí: https://t.co/VDaBXMDg7a #Ciberseguridad #CVE

    @AlejosAngel

    13 Feb 2026

    33 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. تحذير: استغلال ثغرة Teleport تم اكتشاف ثغرة CVE-2025-49825 في Teleport تسمح بتجاوز المصادقة. هذا يعني أن المهاجمين قد يتمكنون من الوصول غير المصرح به إلى الأنظمة. ننصح ب

    @MisbarSec

    5 Feb 2026

    56 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. Exploiting CVE-2025-49825 (authentication bypass vulnerability in Teleport) https://t.co/g5O7FhUkgF https://t.co/tDSrgyjDJW

    @secharvesterx

    3 Feb 2026

    85 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  5. Exploiting CVE-2025-49825, authentication bypass vulnerability in Teleport https://t.co/7WLiXfrxO3

    @Dinosn

    3 Feb 2026

    1075 Impressions

    1 Retweet

    7 Likes

    5 Bookmarks

    2 Replies

    0 Quotes

  6. CVE-2025-49825 - Fist (public?) full chian for: Teleport allows remote authentication bypass An "older" #pruva reproduction with full chain. Used the repro for the exploit creation that is coming with the minimal SSH client that authenticates with the forged certificate . https:

    @N3mes1s

    31 Oct 2025

    2708 Impressions

    3 Retweets

    30 Likes

    17 Bookmarks

    1 Reply

    0 Quotes

  7. 🚨 CVE-2025-49825 - critical 🚨 Teleport - Authentication Bypass > Teleport versions prior to 17.5.2 are vulnerable to a remote authentication bypass vu... 👾 https://t.co/srceytDU8M @pdnuclei #NucleiTemplates #cve

    @pdnuclei_bot

    24 Sept 2025

    24 Impressions

    0 Retweets

    2 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  8. Teleport の脆弱性 CVE-2025-49825 が FIX:リモート認証バイパスの可能性 https://t.co/JHnJvjCcIB Teleport における脆弱性 CVE-2025-49825 は、認証制御のリモート・バイパスという深刻なものです。SSH や Kubernetes

    @iototsecnews

    7 Jul 2025

    71 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. A critical vulnerability (CVE-2025-49825) in Teleport up to version 17.5.1 allows remote attackers to bypass SSH authentication. Cloud users are auto-updated, but self-hosted agents must be patched immediately. 🚨 #Teleport #Security #UK https://t.co/uqwjauJnfb

    @TweetThreatNews

    23 Jun 2025

    50 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. Critical Authentication Bypass Flaw Patched in Teleport Teleport has disclosed a critical vulnerability (CVE-2025-49825, CVSS 9.8) in its open-source platform that allows remote attackers to bypass SSH authentication. The flaw affects Teleport Community Edition versions up to ht

    @dCypherIO

    23 Jun 2025

    114 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  11. [CVE-2025-49825: CRITICAL] Stay alert: Teleport's Community Edition versions up to 17.5.1 have a security flaw allowing remote authentication bypass. No fix released yet. #cybersecurity#cve,CVE-2025-49825,#cybersecurity https://t.co/xk1mBikhli https://t.co/UftJOpULSR

    @CveFindCom

    18 Jun 2025

    52 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. CVE-2025-49825 Teleport provides connectivity, authentication, access controls and audit for infrastructure. Community Edition versions before and including 17.5.1 are vulnerable to… https://t.co/wgNQUp4jBC

    @CVEnew

    17 Jun 2025

    22 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. Critical Alert ⚠️CVE-2025-49825 (CVSS 9.8): Teleport Remote Auth Bypass! 🚨 Affects Teleport 12.4.35 → 17.5.2 🔧 Patch now: https://t.co/AcR5a3V97I 🔍 Details & mitigations: https://t.co/I9hRSAEC4B Upgrade your Proxy & agents ASAP! #CVE202549825 #Tele

    @empherehq

    17 Jun 2025

    13 Impressions

    1 Retweet

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Related CVEs

  1. OpenSSH before 10.3 mishandles the authorized_keys principals option in uncommon scenarios involving a principals list in conjunction with a Certificate Authority that makes certain use of comma characters.CVE-2026-35414
  2. In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performed as root with -O (legacy scp protocol) and without -p (preserve mode).CVE-2026-35385
  3. Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerability affects the GSSAPI patches added by various Linux distributions and does not affect the OpenSSH upstream project itself. The usage of sshpkt_disconnect() on an error, which does not terminate the process, allows an attacker to send an unexpected GSSAPI message type during the GSSAPI key exchange to the server, which will call the underlying function and continue the execution of the program without setting the related connection variables. As the variables are not initialized to NULL the code later accesses those uninitialized variables, accessing random memory, which could lead to undefined behavior. The recommended workaround is to use ssh_packet_disconnect() instead, which does terminate the process. The impact of the vulnerability depends heavily on the compiler flag hardening configuration.CVE-2026-3497
  4. A vulnerability allowing a low-privileged user to extract saved SSH credentials.CVE-2026-21670
  5. A vulnerability was determined in mkj Dropbear up to 2025.89. Impacted is the function unpackneg of the file src/curve25519.c of the component S Range Check. This manipulation causes improper verification of cryptographic signature. The attack can be initiated remotely. The attack is considered to have high complexity. The exploitability is considered difficult. The actual existence of this vulnerability is currently in question. Patch name: fdec3c90a15447bd538641d85e5a3e3ac981011d. To fix this issue, it is recommended to deploy a patch. The project maintainer explains: "Signature Malleability is not exploitable in SSH protocol. (...) [A] PoC doesn't exist for SSH implementation, but rather it's against the internal API."CVE-2026-3706

References

Sources include official advisories and independent security research.