PT-2025-25604 · Teleport · Teleport
Published: 2025-06-16 · Updated: 2026-03-10
CVE-2025-49825
CVSS v3.1: 10 (Critical), vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Teleport versions prior to 17.5.2
Teleport versions 17.0.0 through 17.5.1
Teleport versions 16.0.0 through 16.5.11
Teleport versions 15.0.0 through 15.5.2
Teleport versions 14.0.0 through 14.4.0
Teleport versions 13.0.0 through 13.4.26
Teleport versions 12.0.0 through 12.4.34
Teleport versions 0.0.11 through 12.4.34
Description
Teleport is a platform providing connectivity, authentication, access controls, and audit capabilities for infrastructure. A critical issue exists that allows for remote authentication bypass. This flaw could allow attackers to bypass SSH authentication and gain unauthorized access to systems. The vulnerability affects Teleport Proxy and agent versions. The issue stems from incorrect authorization. While cloud users are automatically updated, self-hosted agents require manual patching. There is no evidence of exploitation in real-world scenarios at the time of reporting.
Recommendations
Update to Teleport version 17.5.2.
Update to Teleport version 16.5.12.
Update to Teleport version 15.5.3.
Update to Teleport version 14.4.1.
Update to Teleport version 13.4.27.
Update to Teleport version 12.4.35.
Weakness Enumeration
Incorrect Authorization
Affected Products
Teleport