CVE-2025-68435

Zerobyte · Zerobyte

Zerobyte backup automation tool contains an authentication bypass vulnerability, allowing unauthenticated access to API endpoints due to improper middleware application.

Executive summary

An authentication bypass vulnerability in Zerobyte allows unauthenticated attackers to access sensitive API endpoints, posing a severe risk to backup data and system integrity.

Vulnerability

The vulnerability stems from authentication middleware failing to enforce session credential checks on specific API endpoints. This allows an unauthenticated attacker to interact with the API directly over a network.

Business impact

With a CVSS score of 9.1, this vulnerability represents a critical risk, particularly for instances exposed to external networks. Unauthorized access to backup automation tools can result in the loss, manipulation, or theft of critical business data backups, leading to severe operational disruption.

Remediation

Immediate Action: Upgrade Zerobyte to version 0.18.5 or 0.19.0, in which the authentication middleware is correctly applied to the affected API endpoints.

Proactive Monitoring: Audit API access logs for unauthorized connections or unusual activity from unrecognized IP addresses.

Compensating Controls: If an immediate upgrade is not feasible, restrict network access to the Zerobyte instance to trusted internal networks only via firewall rules or network segmentation.
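As an added example that is not part of this advisory or of Zerobyte's own code, the following Python script audits a constructed access log for the two signals the monitoring and compensating-control steps above describe: successful responses on protected API paths that carried no session credential, and API requests arriving from outside a trusted network. The log line format, the `session=` cookie name, the API paths, the public-path allowlist and the trusted network range are all assumptions, not details taken from Zerobyte.

```python
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample access log (assumed format):
#   client_ip method path status "cookie-header-or-dash"
SAMPLE_LOG = """\
10.0.0.5 GET /api/backups 200 "session=abc123"
203.0.113.7 GET /api/backups 200 "-"
203.0.113.7 POST /api/backups/restore 200 "-"
198.51.100.9 GET /api/login 200 "-"
10.0.0.6 GET /api/settings 401 "-"
10.0.0.8 DELETE /api/backups/42 204 "session=zzz999"
"""

LINE_RE = re.compile(r'^(\S+) (\S+) (\S+) (\d{3}) "([^"]*)"$')
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8")]      # assumed internal range
PUBLIC_PATHS = {"/api/login", "/api/health"}             # assumed session-less endpoints


@dataclass
class Finding:
    ip: str
    method: str
    path: str
    status: int
    reasons: tuple


def audit(log_text, trusted_nets=TRUSTED_NETS, public_paths=PUBLIC_PATHS):
    """Return one Finding per log line that shows a bypass signal or an untrusted source."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not match the assumed format
        ip, method, path, status, cookie = m.groups()
        status = int(status)
        reasons = []
        # A 2xx on a protected /api/ path with no session cookie is the bypass signature;
        # a 401 on the same path means the middleware did its job and is not flagged.
        if (path.startswith("/api/") and path not in public_paths
                and 200 <= status < 300 and "session=" not in cookie):
            reasons.append("unauthenticated-success")
        # Any API request from outside the trusted networks violates the compensating control.
        if not any(ipaddress.ip_address(ip) in net for net in trusted_nets):
            reasons.append("untrusted-source")
        if reasons:
            findings.append(Finding(ip, method, path, status, tuple(reasons)))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        print(f"{f.ip:>14} {f.method:<6} {f.path:<22} {f.status} {', '.join(f.reasons)}")
```

Lines that match the log format but fall outside the flagged conditions, such as the 401 on /api/settings, produce no finding.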

Exploitation status

Public Exploit Available: Unknown

Analyst recommendation

Given the critical nature of backup infrastructure, this vulnerability must be addressed as a high priority. Administrators should upgrade to a fixed version immediately and review network exposure to ensure the management interface is not reachable by unauthorized parties.