CVE-2025-10678
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-20

Last updated on: 2025-10-21

Assigner: CERT.PL

Description
NetBird VPN when installed using vendor's provided script failed to remove or change default password of an admin account created by ZITADEL. This issue affects instances installed using vendor's provided script. This issue may affect instances created with Docker if the default password was not changed nor the user was removed. This issue has been fixed in version 0.57.0
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-20
Last Modified
2025-10-21
Generated
2026-06-16
AI Q&A
2025-10-20
EPSS Evaluated
2026-06-15
NVD
CVE-2025-10678
EUVD
EUVD-2025-35061
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
netbird netbird_vpn *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1392 The product uses default credentials (such as passwords or cryptographic keys) for potentially critical functionality.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-10678 is a vulnerability in NetBird VPN software versions prior to 0.57.0. When installed using the vendor's provided script, the installation fails to remove or change the default password of an admin account created by ZITADEL, the default identity provider. This means that the default admin credentials remain active, potentially allowing unauthorized access. This issue also affects instances deployed with Docker if the default password was not changed or the admin user was not removed. [1]

Impact Analysis

This vulnerability can allow unauthorized users to gain administrative access to the NetBird VPN instance by using default credentials that were not changed or removed during installation. Such unauthorized access could lead to compromise of the VPN network, exposure of sensitive data, and potential control over network traffic and connected devices. [1]

Detection Guidance

This vulnerability can be detected by checking if the default admin account created by ZITADEL still exists and whether its default password has been changed. Since the issue involves default credentials, you can attempt to authenticate using the default admin username and password. Specific commands are not provided in the resources, but a practical approach would be to try logging into the NetBird VPN admin interface with default credentials or scanning for the presence of the default admin user in the system or Docker instance. For example, inspecting Docker containers or NetBird configuration files for the admin user or attempting authentication via the VPN management interface could help detect the vulnerability. [1]

Mitigation Strategies

Immediate mitigation steps include upgrading NetBird VPN to version 0.57.0 or later, where the vulnerability has been fixed. Additionally, if upgrading immediately is not possible, you should manually remove the default admin account created by ZITADEL or change its default password to a strong, unique password to prevent unauthorized access. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-10678. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart