CRITICAL🇵🇱 Wersja polska

CVE-2025-9276

CVSS 9.8v3.0pub. 2025-09-02upd. 2026-01-30

Cockroach Labs cockroach-k8s-request-cert Empty Root Password Authentication Bypass Vulnerability. This vulnerability could allow remote attackers to bypass authentication on systems that use the affected version of the Cockroach Labs cockroach-k8s-request-cert container image. The specific flaw exists within the configuration of the system shadow file. The issue results from a blank password setting for the root user. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-22195.

🤖 AI Analysis
How it works

In the shadow file configuration of the operating system, the root account has been assigned an empty password (blank password). This means that the authentication mechanism does not require the user to provide any credentials when logging into the root account. A remote attacker can exploit this vulnerability to gain system access without needing to know the password.

Impact

An attacker can completely bypass authentication and gain unauthorized access to the system with root account privileges, resulting in full takeover of the container environment — including data confidentiality, integrity, and availability.

Mitigation & patch

Apply patches available from the vendor according to the references. As a temporary workaround, it is recommended to immediately set a strong password for the root account in the shadow file or replace the vulnerable container image with an updated version.

Who is affected

Cockroach Labs cockroach-k8s-request-cert container image — versions indicated in the vendor references and in the ZDI-25-855 advisory.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Cockroachlabs Cockroach K8s Request Cert

    APP
    Cockroachlabs
    wszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth BypassContainer
CWE
References