PT-2025-33679 · Vaultls · Vaultls

7Ritn · Published 2025-08-18 · Updated 2025-08-23 · CVE-2025-55299

CVSS v3.1: 9.4 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
Name of the Vulnerable Software and Affected Versions: VaulTLS versions prior to 0.9.1
Description: VaulTLS is a solution for managing mTLS (mutual TLS) certificates. User accounts created through the User web UI have an empty password set, allowing attackers to log in with a blank password. Previously, disabling password-based login only affected the frontend, but login via the API remained possible.
Recommendations: Update to version 0.9.1 or later.

Related Identifiers

CVE-2025-55299
GHSA-PJFR-PJ3H-CW8M

Affected Products

Vaultls