Mutual TLS Vulnerability in Akka.Remote for Akka.NET by Akka
CVE-2025-61778
9.3 CRITICAL
What is CVE-2025-61778?
A vulnerability in Akka.Remote affects Akka.NET versions v1.2.0 through v1.5.51 and allows untrusted parties to connect without presenting a certificate. Because mutual TLS is not implemented, authentication by private key is insufficiently enforced. Users in protected environments may be less affected, but anyone deploying TLS must upgrade to version 1.5.52 or later to secure their networks properly. The updated versions enforce certificate checks on both clients and servers, which mitigates the risk of unauthorized access.
Affected Version(s)
akka.net >= 1.2.0, < 1.5.52
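
A dependency check for the affected range listed above, as an added example that is not part of the original advisory or the Akka.NET project. It assumes the component is referenced through the `Akka.Remote` NuGet package in a `.csproj`, and it treats a pre-release of 1.5.52 as still affected (strict version ordering); the sample project file is constructed.

```python
import re
import xml.etree.ElementTree as ET

# Range stated on this page: akka.net >= 1.2.0, < 1.5.52
FIRST_AFFECTED = (1, 2, 0, 1)   # 4th field: 0 = pre-release, 1 = release
FIRST_FIXED = (1, 5, 52, 1)
PACKAGE_ID = "akka.remote"      # assumed NuGet id, compared case-insensitively

_VERSION = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?(-[0-9A-Za-z.-]+)?(?:\+\S*)?")


def classify(version_text):
    """Return 'affected', 'ok', or 'review' for one NuGet version string."""
    m = _VERSION.fullmatch((version_text or "").strip())
    if not m:                    # ranges like [1.5,) or floating 1.5.* need a human
        return "review"
    # Assumption: a pre-release sorts below its release, so 1.5.52-beta1 is flagged.
    key = (int(m[1]), int(m[2]), int(m[3] or 0), 0 if m[4] else 1)
    return "affected" if FIRST_AFFECTED <= key < FIRST_FIXED else "ok"


def _local(tag):
    """Strip an XML namespace so old-style and SDK-style projects both match."""
    return tag.rsplit("}", 1)[-1]


def scan_project(csproj_xml):
    """Return [(version, verdict)] for each Akka.Remote PackageReference."""
    results = []
    for el in ET.fromstring(csproj_xml).iter():
        if _local(el.tag) != "PackageReference":
            continue
        if (el.get("Include") or "").lower() != PACKAGE_ID:
            continue
        version = el.get("Version")
        if version is None:      # <Version> child element, or centrally managed
            child = next((c for c in el if _local(c.tag) == "Version"), None)
            version = child.text if child is not None else None
        results.append((version, classify(version)))
    return results


# Constructed sample project file, not taken from any real repository.
SAMPLE = """<Project Sdk="Microsoft.NET.Sdk">
  <ItemGroup>
    <PackageReference Include="Akka.Remote" Version="1.5.40" />
    <PackageReference Include="Akka" Version="1.5.40" />
  </ItemGroup>
</Project>"""

if __name__ == "__main__":
    print(scan_project(SAMPLE))
```

A `review` verdict means the version is a range, a floating version, or managed outside the project file, so the resolved version has to be checked by hand.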