CVE-2025-68435
Zerobyte · Zerobyte
Zerobyte backup automation tool contains an authentication bypass vulnerability, allowing unauthenticated access to API endpoints due to improper middleware application.
Executive summary
An authentication bypass vulnerability in Zerobyte allows unauthenticated attackers to access sensitive API endpoints, posing a severe risk to backup data and system integrity.
Vulnerability
The vulnerability stems from authentication middleware failing to enforce session credential checks on specific API endpoints. This allows an unauthenticated attacker to interact with the API directly over a network.
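As an added illustration of the bug class described above (this is not Zerobyte's code; the page does not name its web framework, and the route paths, session value and allowlist below are assumptions), a minimal in-memory router shows middleware attached to only one route group beside the hardened wiring, with a check that lists API routes reachable without the session check:

```javascript
// Added example for the bug class in CVE-2025-68435: auth middleware applied
// to only some API routes. Framework, routes and session values are assumed.

// Session check middleware. Hypothetical store: only "sess-ok" is valid.
function requireSession(req) {
  if (req.session !== "sess-ok") return { status: 401, body: "unauthorized" };
  return null; // null means continue to the route handler
}

// Vulnerable wiring: middleware is attached to one route group only, so any
// endpoint registered outside that group is reachable unauthenticated.
function buildVulnerableRouter() {
  const routes = new Map();
  const register = (path, handler) => routes.set(path, { path, middleware: [], handler });
  register("/api/backups", () => ({ status: 200, body: "backup list" }));
  register("/api/volumes", () => ({ status: 200, body: "volume list" }));
  register("/api/settings", () => ({ status: 200, body: "settings" }));
  register("/api/health", () => ({ status: 200, body: "ok" }));
  for (const p of ["/api/backups"]) routes.get(p).middleware.push(requireSession);
  return routes;
}

// Hardened wiring: every /api route gets the session check unless it is on an
// explicit, reviewed allowlist of public endpoints (assumed: only /api/health).
function buildHardenedRouter() {
  const routes = buildVulnerableRouter();
  const publicAllowlist = new Set(["/api/health"]);
  for (const r of routes.values()) {
    if (r.path.startsWith("/api/") && !publicAllowlist.has(r.path)
        && !r.middleware.includes(requireSession)) {
      r.middleware.unshift(requireSession);
    }
  }
  return routes;
}

// Dispatch a constructed request { path, session? } through middleware, then handler.
function dispatch(routes, req) {
  const r = routes.get(req.path);
  if (!r) return { status: 404, body: "not found" };
  for (const mw of r.middleware) {
    const early = mw(req);
    if (early) return early;
  }
  return r.handler(req);
}

// Defender's check: list /api routes with no session middleware that are not on
// the allowlist. Run in CI so a newly added endpoint cannot silently bypass auth.
function unauthenticatedApiRoutes(routes, allowlist = new Set()) {
  return [...routes.values()]
    .filter(r => r.path.startsWith("/api/") && !allowlist.has(r.path)
                 && !r.middleware.includes(requireSession))
    .map(r => r.path).sort();
}
```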
Business impact
With a CVSS score of 9.1, this vulnerability represents a critical risk, particularly for instances exposed to external networks. Unauthorized access to backup automation tools can result in the loss, manipulation, or theft of critical business data backups, leading to severe operational disruption.
Remediation
Immediate Action: Upgrade Zerobyte to version 0.18.5 or 0.19.0, which apply the authentication middleware correctly.
Proactive Monitoring: Audit API access logs for unauthorized connections or unusual activity from unrecognized IP addresses.
Compensating Controls: If an immediate upgrade is not feasible, restrict network access to the Zerobyte instance to trusted internal networks only via firewall rules or network segmentation.
Exploitation status
Public Exploit Available: Unknown
Analyst recommendation
Given the critical nature of backup infrastructure, this vulnerability must be addressed as a high priority. Administrators should apply the provided patch immediately and review network exposure to ensure the management interface is not accessible to unauthorized parties.