PT-2025-51980 · Zerobyte · Zerobyte
T0Mer · Published 2025-12-17 · Updated 2026-03-05
CVE-2025-68435
CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Zerobyte versions prior to 0.18.5
Zerobyte versions prior to 0.19.0
Description
Zerobyte, a backup automation tool, does not correctly apply its authentication middleware to certain API endpoints, so those endpoints can be accessed without valid session credentials. The issue is considered dangerous for instances exposed outside of internal networks.
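A regression check for the bug class described above (auth middleware mounted per path, with a route left outside it), added here as an example and not taken from Zerobyte's code. The toy router, the `requireAuth` name and every path are constructed assumptions, not Zerobyte's actual API.

```javascript
// Toy router model (hypothetical, not Zerobyte's code): middleware is mounted
// on a path pattern, handlers are registered per method + path.
function createApp() {
  const middleware = []; // entries: { pattern, name }
  const routes = [];     // entries: { method, path }
  return {
    middleware,
    routes,
    use(pattern, name) { middleware.push({ pattern, name }); },
    route(method, path) { routes.push({ method, path }); },
  };
}

// "/api/jobs/*" covers "/api/jobs" and everything below it;
// a pattern without "/*" covers only the exact path.
function covers(pattern, path) {
  if (!pattern.endsWith("/*")) return pattern === path;
  const base = pattern.slice(0, -2);
  return path === base || path.startsWith(base + "/");
}

// Every registered route that is neither covered by the auth middleware
// nor listed on the explicit public allowlist.
function findUnauthenticatedRoutes(app, authName, publicRoutes) {
  const auth = app.middleware.filter((m) => m.name === authName);
  return app.routes
    .map((r) => ({ id: `${r.method} ${r.path}`, path: r.path }))
    .filter((r) => !publicRoutes.includes(r.id))
    .filter((r) => !auth.some((m) => covers(m.pattern, r.path)))
    .map((r) => r.id);
}

// Constructed sample: auth is mounted per prefix and one prefix was missed.
function buildSampleApp() {
  const app = createApp();
  app.use("/api/jobs/*", "requireAuth");
  app.use("/api/settings/*", "requireAuth");
  app.route("POST", "/api/auth/login");     // intentionally public
  app.route("GET", "/api/jobs/list");
  app.route("PUT", "/api/settings/general");
  app.route("GET", "/api/reports/export");  // nothing mounted on /api/reports
  return app;
}

const PUBLIC_ROUTES = ["POST /api/auth/login"];
const gaps = findUnauthenticatedRoutes(buildSampleApp(), "requireAuth", PUBLIC_ROUTES);
console.log(gaps.length ? "unprotected routes: " + gaps.join(", ") : "all routes covered");
```

Run as a CI test, a check like this fails the build when a new route is neither covered by the auth middleware nor deliberately allowlisted.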
Recommendations
Versions prior to 0.18.5 should be updated to version 0.18.5 or later.
Versions prior to 0.19.0 should be updated to version 0.19.0 or later.
If an immediate upgrade is not possible, restrict network access to the Zerobyte instance to trusted networks using firewall rules or network segmentation.
Affected Products
Zerobyte