In Vault and Vault Enterprise versions prior to 1.20.1 (Community Edition), 1.19.7, 1.18.12 and 1.16.23 (Enterprise Edition) a medium severity vulnerability CVE-2025-6014 was detected. This vulnerability allows attackers to reuse TOTP codes within their validity period, potentially bypassing intended security controls. To address this issue, users should upgrade Vault Community Edition to version 1.20.1 or Vault Enterprise to versions 1.20.1, 1.19.7, 1.18.12 or 1.16.23. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-6014.
In Vault and Vault Enterprise versions prior to 1.20.1 (Community Edition), 1.19.7, 1.18.12 and 1.16.23 (Enterprise Edition) a low severity vulnerability CVE-2025-6011 was detected. This vulnerability allows attackers to exploit a timing side-channel in the userpass auth method to distinguish between existing and non-existing users, potentially leading to username enumeration. To address this issue, users should upgrade Vault Community Edition to version 1.20.1 or Vault Enterprise to versions 1.20.1, 1.19.7, 1.18.12 or 1.16.23. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-6011.
In Traefik versions 2.11.27 and below, 3.0.0 through 3.4.4 and 3.5.0-rc1 a critical severity vulnerability CVE-2025-54386 was detected. This vulnerability allows attackers to upload malicious ZIP archives containing path traversal sequences, enabling arbitrary file overwrites outside the intended plugin directory and potentially leading to remote code execution, privilege escalation, persistence, or denial of service. To address this issue, users should upgrade Traefik to versions 2.11.28, 3.4.5 or 3.5.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-54386.
In authentik versions 2025.4.4 and earlier and 2025.6.0-rc1 through 2025.6.3 a high severity vulnerability CVE-2025-53942 was identified. This vulnerability allows deactivated OAuth/SAML users to remain in a half-authenticated state, where they can’t access the API but can still authorize applications if they know the URL. To address this issue, users should upgrade Authentik to versions 2025.4.4 or 2025.6.4. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-53942.
In Keycloak versions prior to 26.3.0 a high severity vulnerability CVE-2025-7365 was detected. This vulnerability allows an authenticated attacker to exploit the account merging process during an identity provider login. By modifying their email to match that of a victim, the attacker triggers a verification email sent to the victim without revealing their own address. To address this issue, users must upgrade to version 26.3.0. For more details, visit https://www.cvedetails.com/cve/CVE-2025-7365/.
In Apache Guacamole versions 1.5.5 and earlier a high severity vulnerability CVE-2024-35164 was detected. This vulnerability allows a malicious user with access to a text-based connection (such as SSH) to exploit improperly validated console codes, potentially leading to arbitrary code execution with the privileges of the running guacd process. To fix this issue, users should upgrade to version 1.6.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-35164.
In authentik versions prior to 2025.4.3 and 2025.6.3 a medium severity vulnerability CVE-2025-52553 was detected. This vulnerability allows unauthorized users to reuse session tokens tied to RAC (Remote Access Component) endpoints by copying URLs containing these tokens, potentially accessing the same session during actions like screensharing. To address this issue, users should upgrade authentik to versions 2025.4.3 or 2025.6.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-52553.
In Vault Community and Vault Enterprise versions prior to 1.20.0 a low severity vulnerability CVE-2025-4656 was detected. This vulnerability allows Vault operators to trigger denial-of-service (DoS) conditions by cancelling rekey or recovery key operations without proper control. To address this issue, users should upgrade Vault Community Edition to version 1.20.0, or Vault Enterprise to versions 1.20.0, 1.19.6, 1.18.11, 1.17.17 or 1.16.22. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-4656.
In Traefik versions 2.11.24 and prior, and 3.4.0 and prior, a low severity vulnerability CVE-2025-47952 was detected. This vulnerability allows attackers to bypass the middleware chain and target unintended backends by exploiting URL-encoded strings in the request path when PathPrefix, Path, or PathRegex matchers are used. To address this issue, users should upgrade to versions 2.11.25, 3.4.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-47952.