Teleport is a widely used open-source platform for secure access to servers, cloud applications, and infrastructure. It provides centralized access management and security controls for organizations managing distributed systems and cloud resources.

Have the technical details of CVE-2025-49825 been disclosed?

No, the technical details of the vulnerability have not been disclosed due to an embargo period ending June 30, 2025. Teleport will provide a full technical disclosure and open-source patch details after this embargo period to allow all users sufficient time to upgrade their systems.

Which Teleport deployments are affected by CVE-2025-49825?

The vulnerability impacts multiple deployment scenarios including self-hosted Teleport deployments, Teleport SSH agents and proxy servers, OpenSSH-integrated deployments using Teleport, Teleport Git proxy setups, and systems running Teleport Community Edition versions up to 17.5.1, along with earlier major releases across multiple version branches.

Which Teleport versions are affected by this vulnerability?

All Teleport versions prior to the following patched releases are affected: versions before 17.5.2 in the 17.x branch, before 16.5.12 in the 16.x branch, before 15.5.3 in the 15.x branch, before 14.4.1 in the 14.x branch, before 13.4.27 in the 13.x branch, and before 12.4.35 in the 12.x branch.

What do self-hosted Teleport users need to do?

Self-hosted users must manually upgrade all Teleport agents and proxies to the patched versions that match their cluster's major version. Both Proxy and Teleport agents must be upgraded for full mitigation of the vulnerability. Organizations are also strongly recommended to update Teleport clients to the released patch versions.

Why is this vulnerability particularly critical for organizations?

This vulnerability is particularly critical because Teleport is often used as a central access control point for sensitive infrastructure, servers, databases, and cloud applications. A complete authentication bypass means attackers could potentially access any resource managed through Teleport, making this a single point of failure that could compromise an organization's entire infrastructure.

What makes this Teleport vulnerability especially urgent to patch?

The vulnerability has a critical CVSS score of 9.8, allows complete authentication bypass with remote access, affects a widely-used access control platform, impacts multiple deployment scenarios, and has patches available across all supported major releases. The combination of high severity, wide impact, and the central role Teleport plays in infrastructure security makes immediate patching essential to prevent potential complete infrastructure compromise.

Advisory

Critical remote authentication bypass flaw reported in Teleport access management platform

Q: What is CVE-2025-49825?

CVE-2025-49825 (CVSS score 9.8) is a critical security vulnerability in Teleport that allows remote attackers to bypass authentication controls entirely, potentially granting unauthorized access to sensitive systems, servers, databases, and cloud applications managed through Teleport.

Q: What can attackers do if they exploit this Teleport vulnerability?

The vulnerability enables remote attackers to bypass authentication controls entirely, potentially granting unauthorized access to sensitive systems, servers, databases, and cloud applications managed through Teleport. This could lead to complete compromise of managed infrastructure.

Q: Are Teleport Cloud customers automatically protected?

Yes, for Teleport Cloud customers, control plane updates were applied automatically during the disclosure process. Agents enrolled in Managed Updates v2 were automatically updated to patched versions during scheduled maintenance windows.

Q: What special provisions has Teleport made for Community Edition users?

Teleport has designated the patch versions as 'Critical Security Exception Versions' and temporarily removed Community Edition restrictions on employee count and revenue thresholds for organizations that apply the patches within thirty days of their official release.

published: June 23, 2025

Take action: If you use self-hosted Teleport for infrastructure access, this is urgent and important. Immediately update to the latest patched version for your branch (17.5.2, 16.5.12, 15.5.3, 14.4.1, 13.4.27, or 12.4.35). Make sure to update both your Teleport proxy servers AND all agents - the vulnerability isn't fully patched until both components are upgraded.

Learn More

Teleport, a widely used open-source platform for secure access to servers, cloud applications, and infrastructure, is reporting acritical security vulnerability that allows remote authentication bypass.

The vulnerability is tracked as CVE-2025-49825 (CVSS score 9.8) and enables remote attackers to bypass authentication controls entirely, potentially granting unauthorized access to sensitive systems, servers, databases, and cloud applications managed through Teleport.

The technical details of the vulnerability have not been disclosed due to an embargo period ending June 30, 2025. Teleport claims they will provide a full technical disclosure and open-source patch details after this embargo period to allow all users sufficient time to upgrade their systems.

The vulnerability impacts multiple deployment scenarios and system configurations:

Self-hosted Teleport deployments running vulnerable versions
Teleport SSH agents and proxy servers
OpenSSH-integrated deployments using Teleport
Teleport Git proxy setups
Systems running Teleport Community Edition versions up to 17.5.1
Earlier major releases across multiple version branches

All Teleport versions prior to the following patched releases are affected:

Versions before 17.5.2 in the 17.x branch
Versions before 16.5.12 in the 16.x branch
Versions before 15.5.3 in the 15.x branch
Versions before 14.4.1 in the 14.x branch
Versions before 13.4.27 in the 13.x branch
Versions before 12.4.35 in the 12.x branch

Teleport has released patched versions across all supported major releases. The company has designated these specific patch versions as "Critical Security Exception Versions" and temporarily removed Community Edition restrictions on employee count and revenue thresholds for organizations that apply the patches within thirty days of their official release.

For Teleport Cloud customers, control plane updates were applied automatically during the disclosure process. Agents enrolled in Managed Updates v2 were automatically updated to patched versions during scheduled maintenance windows. Self-hosted users must manually upgrade all Teleport agents and proxies to the patched versions that match their cluster's major version.

The company requires both Proxy and Teleport agents to be upgraded for full mitigation of the vulnerability. Organizations are also strongly recommended to update Teleport clients to the released patch versions as an additional precautionary measure.

For self-hosted deployments, administrators should immediately identify agents not enrolled in Managed Updates v2 using "tctl inventory ls" commands and upgrade these agents using standard package managers (apt, yum) or enroll them in Managed Updates v2 by running "sudo teleport-update enable." Kubernetes deployments require updates using the teleport-kube-agent updater.

Critical remote authentication bypass flaw reported in Teleport access management platform

Read More
Rhino Security Labs report multiple flaws in default …
Zimbra fixes flaws in Zimbra Collaboration, at least …
IBM Personal Communications flaw exposes risk of remote …
Broadcom and CISA Warn of Active Exploitation in …
CISA warns that AMI MegaRAC Vulnerability that enables …