VYPR
Critical severity 9.4 · OSV Advisory · Published Aug 18, 2025 · Updated Apr 15, 2026

CVE-2025-55299

Description

VaulTLS is a modern solution for managing mTLS (mutual TLS) certificates. Prior to 0.9.1, user accounts created through the User web UI have an empty but not NULL password set, so attackers can log in to them with an empty password. This is compounded by the fact that disabling password-based login previously only affected the frontend and still allowed login via the API. This vulnerability is fixed in 0.9.1.
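A minimal model of the two flaws described above, added here as an example and not taken from VaulTLS: the `User` record, all function names, and the assumption that the UI stored a hash of the empty string are hypothetical. It contrasts a flawed login check with a hardened one and includes an audit helper for accounts that verify against an empty password.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class User:  # hypothetical account record, not the VaulTLS schema
    name: str
    password_hash: Optional[bytes]  # None models a NULL password column


def make_hash(password: str) -> bytes:
    salt = os.urandom(16)
    return salt + hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1)


def matches(password: str, stored: bytes) -> bool:
    salt, digest = stored[:16], stored[16:]
    candidate = hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1)
    return hmac.compare_digest(candidate, digest)


def login_before(user: User, password: str) -> bool:
    # Flawed: only NULL counts as "no password", and the password-login
    # setting is never consulted on the API path.
    return user.password_hash is not None and matches(password, user.password_hash)


def login_after(user: User, password: str, password_login_enabled: bool) -> bool:
    # Hardened: the setting is enforced server-side and an empty submitted
    # password is rejected before any comparison.
    if not password_login_enabled or not password or user.password_hash is None:
        return False
    return matches(password, user.password_hash)


def accounts_accepting_empty_password(users: List[User]) -> List[str]:
    # Audit helper: accounts whose stored value verifies against "".
    return [u.name for u in users
            if u.password_hash is not None and matches("", u.password_hash)]


# Constructed sample data: "ui-user" was created with an empty password field.
USERS = [User("ui-user", make_hash("")),
         User("admin", make_hash("correct horse")),
         User("sso", None)]
```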

Affected products

  • 7ritn/Vaultls (OSV, 2 versions)
    v0.5.0, v0.5.1, v0.5.2, …+ 1 more
    • (no CPE) range: v0.5.0, v0.5.1, v0.5.2, …
    • (no CPE) range: <0.9.1
