CVE-2025-10678
Unknown Unknown - Not Provided

BaseFortify

Vulnerability report for CVE-2025-10678, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-10-20

Last updated on: 2025-10-21

Assigner: CERT.PL

Description

NetBird VPN when installed using vendor's provided script failed to remove or change default password of an admin account created by ZITADEL. This issue affects instances installed using vendor's provided script. This issue may affect instances created with Docker if the default password was not changed nor the user was removed. This issue has been fixed in version 0.57.0

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-10-20
Last Modified
2025-10-21
Generated
2026-07-06
AI Q&A
2025-10-20
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
netbird netbird_vpn *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1392 The product uses default credentials (such as passwords or cryptographic keys) for potentially critical functionality.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2025-10678 is a vulnerability in NetBird VPN software versions prior to 0.57.0. When installed using the vendor's provided script, the installation fails to remove or change the default password of an admin account created by ZITADEL, the default identity provider. This means that the default admin credentials remain active, potentially allowing unauthorized access. This issue also affects instances deployed with Docker if the default password was not changed or the admin user was not removed. [1]

Impact Analysis

This vulnerability can allow unauthorized users to gain administrative access to the NetBird VPN instance by using default credentials that were not changed or removed during installation. Such unauthorized access could lead to compromise of the VPN network, exposure of sensitive data, and potential control over network traffic and connected devices. [1]

Detection Guidance

This vulnerability can be detected by checking if the default admin account created by ZITADEL still exists and whether its default password has been changed. Since the issue involves default credentials, you can attempt to authenticate using the default admin username and password. Specific commands are not provided in the resources, but a practical approach would be to try logging into the NetBird VPN admin interface with default credentials or scanning for the presence of the default admin user in the system or Docker instance. For example, inspecting Docker containers or NetBird configuration files for the admin user or attempting authentication via the VPN management interface could help detect the vulnerability. [1]

Mitigation Strategies

Immediate mitigation steps include upgrading NetBird VPN to version 0.57.0 or later, where the vulnerability has been fixed. Additionally, if upgrading immediately is not possible, you should manually remove the default admin account created by ZITADEL or change its default password to a strong, unique password to prevent unauthorized access. [1]

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-10678. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart