CVE-2025-10678
BaseFortify
Publication date: 2025-10-20
Last updated on: 2025-10-21
Assigner: CERT.PL
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| netbird | netbird_vpn | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1392 | The product uses default credentials (such as passwords or cryptographic keys) for potentially critical functionality. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-10678 is a vulnerability in NetBird VPN software versions prior to 0.57.0. When installed using the vendor's provided script, the installation fails to remove or change the default password of an admin account created by ZITADEL, the default identity provider. This means that the default admin credentials remain active, potentially allowing unauthorized access. This issue also affects instances deployed with Docker if the default password was not changed or the admin user was not removed. [1]
How can this vulnerability impact me?
This vulnerability can allow unauthorized users to gain administrative access to the NetBird VPN instance by using default credentials that were not changed or removed during installation. Such unauthorized access could lead to compromise of the VPN network, exposure of sensitive data, and potential control over network traffic and connected devices. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking whether the default admin account created by ZITADEL still exists and whether its default password has been changed. Because the issue involves default credentials, a practical check is to verify whether the default admin username and password still authenticate. Specific commands are not provided in the resources, but inspecting the Docker containers or NetBird configuration files for the default admin user, or attempting authentication against the NetBird VPN admin interface with the default credentials, could reveal the issue. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include upgrading NetBird VPN to version 0.57.0 or later, where the vulnerability has been fixed. Additionally, if upgrading immediately is not possible, you should manually remove the default admin account created by ZITADEL or change its default password to a strong, unique password to prevent unauthorized access. [1]