21/08/2025

ZDI-25-855: (0Day) Cockroach Labs cockroach-k8s-request-cert Empty Root Password Authentication Bypass Vulnerability

This vulnerability could allow remote attackers to bypass authentication on systems that use the affected version of the Cockroach Labs cockroach-k8s-request-cert container image. The ZDI has assigned a CVSS rating of 9.8. The following CVEs are assigned: CVE-2025-9276.

Comments are closed.

You may also like

ZDI-25-840: (Pwn2Own) Microsoft Windows 11 vhdmp Improper Validation of Array Index Local Privilege Escalation Vulnerability

ZDI-25-881: Realtek RTL8811AU rtwlanu.sys N6CQueryInformationHandleCustomized11nOids Out-Of-Bounds Read Information Disclosure Vulnerability