Lacework
srubin
Staff
Article Id 397000
Description

This article explains a critical remote authentication bypass vulnerability, CVE-2025-49825, that has been identified in Teleport.

On June 5th, the vendor uncovered a critical security vulnerability affecting all Teleport versions, allowing remote SSH authentication bypass on servers with Teleport SSH agents, OpenSSH integrated deployments, and Teleport Git proxy deployments. Investigations into this vulnerability are still ongoing, with more information to be released on June 30th, 2025. A patch is available for major versions 12, 13, 14, 15, 16, and 17.

Scope

Affected Versions: All.

Attack Vector: This vulnerability allows for remote SSH authentication bypass on servers with Teleport SSH agents, OpenSSH integrated deployments, and Teleport Git proxy deployments.

Potential Impact: Unauthorized remote access to clusters with Teleport installed.

Solution

To mitigate this vulnerability, self-hosted Teleport users should immediately upgrade Teleport Proxy and SSH services to one of the following versions: 17.5.2, 16.5.12, 15.5.3, 14.4.1, 13.4.27, or 12.4.35. It is recommended that users also upgrade the authentication service and client tools as a precaution.

No other workaround is available.

Lacework FortiCNAPP will automatically detect this vulnerability via the Vulnerability Management module.
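
For teams that want to confirm the upgrade across a fleet, the following is an added example (not Lacework or Teleport code) that compares collected version strings against the fixed releases listed under Solution. The host names, the inventory and the shape of the `teleport version` lines are constructed assumptions; treating a pre-release of a fixed version as unpatched is also an assumption.

```python
import re

# Fixed release per major version, as listed in this article.
FIXED = {17: (17, 5, 2), 16: (16, 5, 12), 15: (15, 5, 3),
         14: (14, 4, 1), 13: (13, 4, 27), 12: (12, 4, 35)}
VERSION_RE = re.compile(r"\bv?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?")

def classify(text):
    """Classify a version string (or a `teleport version` line) against FIXED."""
    m = VERSION_RE.search(text)
    if m is None:
        return "unparseable"
    version = tuple(int(part) for part in m.group(1, 2, 3))
    fixed = FIXED.get(version[0])
    if fixed is None:
        # The article lists all versions as affected but patches only for 12-17.
        return "vulnerable-no-fix-listed" if version[0] < 12 else "not-covered-by-article"
    if version > fixed:
        return "patched"
    # A pre-release of the fixed version sorts before it, so it is flagged
    # (conservative assumption made for this example).
    if version == fixed and m.group(4) is None:
        return "patched"
    return "vulnerable"

def needs_attention(inventory):
    """Return {host: status} for every host that is not confirmed patched."""
    return {host: status for host, text in sorted(inventory.items())
            if (status := classify(text)) != "patched"}

# Constructed sample inventory: host name -> collected version string.
INVENTORY = {
    "proxy-01": "Teleport v17.5.2 git:v17.5.2-0-g0000000 go1.23.0",
    "ssh-node-a": "Teleport v16.5.11 git:v16.5.11-0-g0000000 go1.22.0",
    "ssh-node-b": "Teleport Enterprise v15.5.3-rc.1",
    "git-proxy-01": "v14.4.1",
    "legacy-01": "11.3.25",
    "broken-agent": "command not found",
}

if __name__ == "__main__":
    for host, status in needs_attention(INVENTORY).items():
        print(f"{host}: {status} ({INVENTORY[host]})")
```
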