Description

VaulTLS is a modern solution for managing mTLS (mutual TLS) certificates. Prior to 0.9.1, user accounts created through the User web UI have an empty but not NULL password set, attackers can use this to login with an empty password. This is combined with that fact, that previously disabling the password based login only effected the frontend, but still allowed login via the API. This vulnerability is fixed in 0.9.1.

INFO

Published Date :

2025-08-18T17:36:28.462Z

Last Modified :

2025-08-18T17:54:17.654Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-55299 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-55299.

URL Resource
https://github.com/7ritn/VaulTLS/commit/6ac0a43a768f1753f6889ba43f914e773a4b45c0 cve-icon cve-icon
https://github.com/7ritn/VaulTLS/security/advisories/GHSA-pjfr-pj3h-cw8m cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact