Critical Authentication Bypass Flaw Patched in Teleport
securityweekA critical-severity vulnerability in Teleport could allow remote attackers to bypass SSH authentication and access managed systems.
Teleport on Friday warned of a critical-severity vulnerability in the open source platform that can be exploited remotely to bypass standard authentication controls.
Teleport provides connectivity, authentication, and access control for servers and cloud applications. It supports protocols such as SSH, RDP, and HTTPS, and can be used with Kubernetes and various databases.
Tracked as CVE-2025-49825 (CVSS score of 9.8), the critical flaw can be exploited to circumvent SSH authentication, allowing attackers to access Teleport-managed systems.
The issue impacts Teleport Community Edition versions up to 17.5.1 and was addressed with the release of Teleport versions 17.5.2, 16.5.12, 15.5.3, 14.4.1, 13.4.27, and 12.4.35.
Teleport notes that while the fixes were automatically applied for its cloud customers, self-hosted Teleport agents ...
Copyright of this story solely belongs to securityweek . To see the full text click HERE