CVE-2025-49825: Teleport - Authentication Bypass

Date: 2025-08-01 | Affected software: Teleport | PoC: public

Vulnerability description

Teleport versions prior to 17.5.2 are vulnerable to a remote authentication bypass vulnerability. This issue allows attackers to gain unauthorized access to affected systems.

PoC code [public]

id: CVE-2025-49825

info:
  name: Teleport - Authentication Bypass
  author: pdteam
  severity: critical
  description: |
    Teleport versions prior to 17.5.2 are vulnerable to a remote authentication bypass vulnerability. This issue allows attackers to gain unauthorized access to affected systems.
  classification:
    cve-id: CVE-2025-49825
    epss-score: 0.09698
    epss-percentile: 0.92585
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
  reference:
    - https://github.com/gravitational/teleport/security/advisories/GHSA-8cqv-pj7f-pwpc
  metadata:
    verified: true
    max-request: 1
    shodan-query:
      - http.favicon.hash:544208100
      - http.favicon.hash:1854879765
      - http.favicon.hash:-1275955539
      - "Set-Cookie: __Host-grv_csrf"
    fofa-query:
      - icon_hash="544208100"
      - icon_hash="1854879765"
      - icon_hash="-1275955539"
      - "Set-Cookie: __Host-grv_csrf"
  tags: cve,cve2025,teleport,passive,auth-bypass,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/webapi/ping"

    extractors:
      - type: json
        name: version
        json:
          - .server_version
        internal: true

      - type: json
        json:
          - '"Teleport Version: "+ .server_version'

    matchers-condition: and
    matchers:
      - type: dsl
        name: version_check
        dsl:
          - compare_versions(version, '< 17.5.2', '>= 17.0.0')
          - compare_versions(version, '< 16.5.12', '>= 16.0.0')
          - compare_versions(version, '< 15.5.3', '>= 15.0.0')
          - compare_versions(version, '< 14.4.1', '>= 14.0.0')
          - compare_versions(version, '< 13.4.27', '>= 13.0.0')
          - compare_versions(version, '< 12.4.35')
        condition: or

      - type: dsl
        dsl:
          - contains_all(body, "server_version", "teleport")
# digest: 490a004630440220150e3083215ff8fd0cb2825e389cec66693af4b3aa41b9ce813a7b1c46c5637502201193761327019e3c15c77b55c4783413313f009ce9655e8539e407b18eeb7a8b:922c64590222798bb761d5b6d8e72950
