CVE-2025-9276
BaseFortify
Publication date: 2025-09-02
Last updated on: 2025-09-04
Assigner: Zero Day Initiative
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cockroach_labs | cockroach-k8s-request-cert | 3.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-258 | Using an empty string as a password is insecure. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-9276 is a critical authentication bypass vulnerability in the Cockroach Labs cockroach-k8s-request-cert container image. The vulnerability is caused by a misconfiguration in the system shadow file where the root user has a blank password. This flaw allows remote attackers to bypass authentication entirely, gaining unauthorized access to the system. [1]
How can this vulnerability impact me? :
This vulnerability can have severe impacts as it allows remote attackers to bypass authentication without any credentials. An attacker exploiting this flaw can gain full control over the affected system, compromising confidentiality, integrity, and availability of data and services. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
You can detect this vulnerability by checking the system shadow file inside the cockroach-k8s-request-cert container image for a blank password entry for the root user. For example, running the command `grep '^root::' /etc/shadow` inside the container can reveal if the root password field is empty, indicating the vulnerability. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to update or discontinue use of the affected cockroach-k8s-request-cert container image, as no other mitigations are indicated. [1]