Home > Vulnerability Database > CVE-2025-55299

Mend.io Vulnerability Database

CVE-2025-55299

Good to know:

Date: August 18, 2025

VaulTLS is a modern solution for managing mTLS (mutual TLS) certificates. Prior to 0.9.1, user accounts created through the User web UI have an empty but not NULL password set, attackers can use this to login with an empty password. This is combined with that fact, that previously disabling the password based login only effected the frontend, but still allowed login via the API. This vulnerability is fixed in 0.9.1.

Severity Score

9.4

Related Resources (4)

Url: https://github.com/7ritn/VaulTLS/security/advisories/GHSA-pjfr-pj3h-cw8m

Url: https://github.com/7ritn/VaulTLS/commit/6ac0a43a768f1753f6889ba43f914e773a4b45c0

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-55299

Url: https://www.mend.io/vulnerability-database/CVE-2025-55299

Severity Score

9.4

Weakness Type (CWE)

Weak Password Requirements

CWE-521

Top Fix

Upgrade Version

Upgrade to version https://github.com/7ritn/VaulTLS.git - v0.9.1

Learn More

CVSS v3.1

Base Score:	9.4
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2025-55299

Good to know:

Date: August 18, 2025

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?