Authentication Bypass Vulnerability in Cockroach Labs Container Image
CVE-2025-9276

9.8 CRITICAL

Key Information:

Vendor
CVE Published: 2 September 2025

What is CVE-2025-9276?

The authentication bypass vulnerability in Cockroach Labs' cockroach-k8s-request-cert container image stems from a misconfiguration in the image's shadow file: the password field for the root user is blank. A remote attacker can exploit this to gain unauthorized access to systems running the affected container image, posing significant security risk. Organizations should prioritize patching and monitoring to mitigate potential attacks. For more information, refer to the ZDI-25-855 advisory.
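The condition described above is visible directly in the image's shadow file, so an image-hardening check can catch it. The following is an added example, not code from the advisory or from Cockroach Labs: it parses shadow-format lines, classifies each account's password field (blank, locked or hashed) and reports every account that needs no password. The sample shadow content is constructed for illustration.

```python
"""Audit shadow-file content for accounts with a blank password field."""

# A password field beginning with "!" or "*" means password login is disabled.
LOCK_PREFIXES = ("!", "*")


def classify_shadow_entry(line):
    """Return (user, state) where state is 'empty', 'locked' or 'hashed'."""
    fields = line.rstrip("\n").split(":")
    if len(fields) < 2:
        raise ValueError(f"malformed shadow line: {line!r}")
    user, pw = fields[0], fields[1]
    if pw == "":
        return user, "empty"      # no password required to authenticate
    if pw.startswith(LOCK_PREFIXES):
        return user, "locked"     # account locked for password login
    return user, "hashed"         # a password hash is set


def passwordless_accounts(shadow_text):
    """Return the usernames whose shadow password field is blank."""
    found = []
    for line in shadow_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue              # skip blank lines and comments
        user, state = classify_shadow_entry(line)
        if state == "empty":
            found.append(user)
    return found


# Constructed sample: root has a blank password field (the CVE condition),
# daemon is locked, and app carries a fake SHA-512-style hash.
SAMPLE_SHADOW = """\
root::19500:0:99999:7:::
daemon:*:19500:0:99999:7:::
app:$6$saltsalt$FAKEHASHFAKEHASHFAKEHASH:19500:0:99999:7:::
"""

if __name__ == "__main__":
    flagged = passwordless_accounts(SAMPLE_SHADOW)
    print("accounts with blank password field:", flagged)
```

To audit a real image, feed the function the contents of /etc/shadow read from that image (for example via `docker run --rm --entrypoint cat IMAGE /etc/shadow`); a non-empty result for root is the misconfiguration this advisory describes.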

Affected Version(s)

cockroach-k8s-request-cert (image: cockroachdb/cockroach-k8s-request-cert:latest)

CVSS V3.0

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
