PT-2025-42771 · Docker+2

Adam Sobieraj · Published 2025-09-11 · Updated 2025-11-07

CVE-2025-10678

CVSS v4.0: 10 (Critical)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions

NetBird VPN versions prior to 0.57.0

Description

NetBird VPN, when installed using the vendor’s provided script, did not remove or change the default password of an admin account created by ZITADEL. This potentially allows for full remote takeover with zero user interaction. Instances created with Docker may also be affected if the default password was not changed or the user was not removed.

Recommendations

Update to version 0.57.0 or later.

Fix

Weakness Enumeration

Related Identifiers

BDU:2025-13935
CVE-2025-10678
GHSA-G3J4-58MP-3X25
GO-2025-4040
OPENSUSE-SU-2025:15710-1

Affected Products

Docker
NetBird VPN
Zitadel