Critical Teleport Vulnerability Let Attackers Remotely Bypass Authentication Controls

Critical Teleport Vulnerability Let Attackers Remotely Bypass Authentication Controls

Summary
1. CVE-2025-49825 allows attackers to remotely bypass Teleport's authentication controls, affecting multiple versions of the secure access platform.
2. Teleport has issued security updates for versions 17.5.2, 16.5.12, 15.5.3, 14.4.1, 13.4.27, and 12.4.35, with Cloud customers receiving automatic control plane updates.
3. Organizations must manually update all self-managed Teleport agents using tctl inventory commands to identify vulnerable instances, then upgrade via package managers or enroll in Managed Updates v2.

A critical vulnerability, designated as CVE-2025-49825 that enables attackers to remotely bypass authentication controls in Teleport, a popular secure access platform. 

The vulnerability affects multiple versions of Teleport infrastructure, prompting immediate security updates across all deployment environments. 

Cloud customers have received automatic updates to their control plane versions, while organizations managing their own agents must take immediate action to prevent potential security breaches.

Google News

Critical Authentication Bypass Vulnerability

The critical security flaw, tracked as CVE-2025-49825, represents a significant threat to Teleport deployments worldwide. 

Security researchers discovered that the vulnerability allows malicious actors to circumvent authentication mechanisms remotely, potentially gaining unauthorized access to sensitive infrastructure and systems. 

Teleport has responded by releasing patched versions across multiple major releases, including versions 17.5.2, 16.5.12, 15.5.3, 14.4.1, 13.4.27, and 12.4.35.

For Teleport Cloud customers, the control plane infrastructure received automated security updates. 

Organizations utilizing Managed Updates v2 benefited from automatic agent updates during their designated maintenance windows on June 9, 2025. 

However, environments without automated management require immediate manual intervention to achieve full vulnerability mitigation.

Risk Factors Details
Affected Products – Teleport versions prior to 17.5.2, 16.5.12, 15.5.3, 14.4.1, 13.4.27, and 12.4.35- Teleport Cloud instances with unpatched agents- Self-managed Teleport environments without Managed Updates v2- Kubernetes deployments utilizing Teleport ssh_service
Impact Authentication bypass
Exploit Prerequisites – Network access to vulnerable Teleport instances- Targeting unpatched Teleport versions- Access attempt against authentication controls- Ability to reach Teleport service endpoints
CVSS 3.1 Score 9.8 (Critical)

Agent Updates

Organizations must prioritize updating all Teleport agents running on their infrastructure to eliminate security risks. 

The most efficient approach involves fully enrolling in Managed Updates v2, which provides automated patch management capabilities. 

System administrators can identify vulnerable agents using specific tctl inventory commands tailored to different version ranges:

Critical Teleport Vulnerability Let Attackers Remotely Bypass Authentication Controls

Once identified, agents must be upgraded to the latest patch release matching the cluster version using traditional package managers like apt or yum. 

Following successful upgrades, administrators should enroll all agents by executing sudo teleport-update enable, which transitions management away from traditional package managers.

Organizations may encounter locked agents during the vulnerability response process. Vulnerable agents are automatically locked as a protective measure, requiring updates before lock removal. 

The tctl alerts ack –ttl 48h command can temporarily suppress vulnerability banners for user experience management while updates are completed.

Kubernetes environments require special consideration, as agents should utilize the teleport-kube-agent updater instead of standard teleport-update mechanisms. This updater maintains compatibility with both Managed Updates V1 and V2 systems. 

Unpatched Kubernetes agents remain vulnerable when providing SSH access through Teleport’s ssh_service functionality, emphasizing the critical nature of immediate updates across all deployment scenarios.

Are you from SOC/DFIR Teams! - Interact with malware in the sandbox and find related IOCs. - Request 14-day free trial



Source link