CVE-2025-49825: Teleport allows remote authentication bypass
A full technical disclosure and open-source patch will be published after the embargo period, ending on June 30th, to allow all users to upgrade.
Teleport security engineers identified a critical security vulnerability that could allow remote authentication bypass of Teleport.
Teleport Cloud Infrastructure and CI/CD build, test, and release infrastructure aren’t affected.
For the full mitigation, upgrade both Proxy and Teleport agents. Updating clients to the released patch versions is also strongly recommended as a precaution.
Have questions?
- OSS Community: opensource@goteleport.com
- Legal: legal@goteleport.com
- Security: security@goteleport.com
- Customer Support: goteleport.com/support
- Media Inquiries: teleport@babelpr.com