Teleport is an open-source security tool that provides developers and system administrators with secure access to infrastructure resources such as servers (SSH) and Kubernetes clusters (K8s). It enforces role-based access control, supports various authentication methods, and captures audit logs for user sessions and actions. Teleport's focus on secure access, access control, and auditing makes it an essential solution for managing and securing modern infrastructure.

Teleport

### Impact
A full technical disclosure and open-source patch will be published after the embargo period, ending on June 30th, to allow all users to upgrade.
Teleport security engineers identified a critical security vulnerability that could allow remote authentication bypass of Teleport.  
Teleport Cloud Infrastructure and CI/CD build, test, and release infrastructure aren’t affected. 
For the full mitigation, upgrade both Proxy and Teleport agents. It is strongly recommend updating clients to the released patch versions as a precaution.
Have questions? 
- OSS Community: [opensource@goteleport.com](mailto:opensource@goteleport.com) 
- Legal: [legal@goteleport.com](mailto:legal@goteleport.com)
- Security: [security@goteleport.com](mailto:security@goteleport.com)
- Customer Support: [goteleport.com/support](https://goteleport.com/support)
- Media Inquiries: [teleport@babelpr.com](mailto:teleport@babelpr.com)
### Patches
Fixed in versions: 17.5.2, 16.5.12, 15.5.3, 14.4.1, 13.4.27, 12.4.35.
These patches are available only on the [official Teleport distribution channels](https://goteleport.com/docs/installation/). 
These versions are designated as _Critical Security Exception Versions_. 
_For these specific patch versions of Teleport Community Edition, the Community Edition restrictions are removed on employee count or revenue thresholds, as long as you apply the patch within thirty (30) days of its official release._
_Please read the full text of the updated Teleport Community Edition license for details._

CVE-2025-49825

GoLang

GitHub Advisory Database

Linux

Linux Kernel

Windows

Windows Cumulative Update

Trend Micro Apex Central is a centralized security management console for enterprises. It provides visibility and control across multiple layers of security, including endpoint, mobile, server, and network protection.

Apex Central

An insecure deserialization operation in Trend Micro Apex Central could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49219 but is in a different method.

CVE-2025-49220

An insecure deserialization operation in Trend Micro Apex Central could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49220 but is in a different method.

CVE-2025-49219

Cisco Identity Services Engine (ISE) is a network administration and security platform that provides secure access control, device profiling, and policy enforcement. It enables organizations to manage network access across wired, wireless, and VPN connections while ensuring compliance with security policies.

Cisco ISE

A vulnerability in Amazon Web Services (AWS), Microsoft Azure, and Oracle Cloud Infrastructure (OCI) cloud deployments of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to access sensitive data, execute limited administrative operations, modify system configurations, or disrupt services within the impacted systems.

This vulnerability exists because credentials are improperly generated when Cisco ISE is being deployed on cloud platforms, resulting in different Cisco ISE deployments sharing the same credentials. These credentials are shared across multiple Cisco ISE deployments as long as the software release and cloud platform are the same. An attacker could exploit this vulnerability by extracting the user credentials from Cisco ISE that is deployed in the cloud and then using them to access Cisco ISE that is deployed in other cloud environments through unsecured ports. A successful exploit could allow the attacker to access sensitive data, execute limited administrative operations, modify system configurations, or disrupt services within the impacted systems.
Note: If the Primary Administration node is deployed in the cloud, then Cisco ISE is affected by this vulnerability. If the Primary Administration node is on-premises, then it is not affected.

CVE-2025-20286

Grafana is an open-source visualization and analytics software. It allows you to query, visualize, alert on, and explore your metrics and time-series database (TSDB) data.

Grafana

AlmaLinux OS is an open-source, community-driven Linux operating system that fills the gap left by the discontinuation of the CentOS Linux stable release. AlmaLinux OS is a 1:1 binary compatible fork of RHEL®, guided and built by the community.

Alma Linux

Alibaba Cloud Linux (Aliyun Linux) OS is an open-source Linux distribution originated by the Alibaba Operating System team, aiming to deliver OS services with various functionalities, high performance, and stability to Alibaba Cloud Elastic Compute Service (ECS) customers.

Alibaba Cloud Linux (Aliyun Linux)

Chainguard is a Linux distribution based on Alpine. It's the commercial version of the Wolfi distro.

Chainguard

Red Hat Enterprise Linux is a Linux distribution developed by Red Hat for the commercial market.

Linux Red Hat

Oracle Linux is a Linux distribution packaged and freely distributed by Oracle, available partially under the GNU General Public License since late 2006. It is compiled from Red Hat Enterprise Linux source code, replacing Red Hat branding with Oracle's.

Linux Oracle

A cross-site scripting (XSS) vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect users to a website that hosts a frontend plugin that will execute arbitrary JavaScript. This vulnerability does not require editor permissions and if anonymous access is enabled, the XSS will work. If the Grafana Image Renderer plugin is installed, it is possible to exploit the open redirect to achieve a full read SSRF.

The default Content-Security-Policy (CSP) in Grafana will block the XSS though the `connect-src` directive.

CVE-2025-4123

AlmaLinux

AlmaLinux Security Advisory

Red Hat

Red Hat Errata

A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.

CVE-2025-6170

Debian GNU/Linux is a Linux distribution composed of free and open-source software.

Linux Debian

A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.

CVE-2025-49796

Debian

Debian Security Tracker

A NULL pointer dereference vulnerability was found in libxml2 when processing XPath XML expressions. This flaw allows an attacker to craft a malicious XML input to libxml2, leading to a denial of service.

CVE-2025-49795

A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the <sch:name path="..."/> schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program's crash using libxml or other possible undefined behaviors.

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2025-49825	CRITICAL	9.8	Teleport	github.com/gravitational/teleport	No	Yes	Jun 16, 2025
CVE-2025-49220	CRITICAL	9.8	Apex Central	cpe:2.3:a:trendmicro:apex_central	No	Yes	Jun 10, 2025
CVE-2025-49219	CRITICAL	9.8	Apex Central	cpe:2.3:a:trendmicro:apex_central	No	Yes	Jun 10, 2025
CVE-2025-20286	CRITICAL	9.9	Cisco ISE	cpe:2.3:a:cisco:identity_services_engine	No	Yes	Jun 04, 2025
CVE-2025-4123	HIGH	7.6	Grafana	cpe:2.3:a:grafana:grafana	No	Yes	May 22, 2025

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2025-49825	CRITICAL	9.8	Teleport	github.com/gravitational/teleport	No	Yes	Jun 16, 2025
CVE-2025-6170	LOW	2.5	Linux Red Hat	libxml2-static	No	No	Jun 16, 2025
CVE-2025-49796	CRITICAL	9.1	Linux Debian	python3-libxml2	No	No	Jun 16, 2025
CVE-2025-49795	HIGH	7.5	Linux Debian	libxml2	No	No	Jun 16, 2025
CVE-2025-49794	CRITICAL	9.1	Linux Debian	libxml2	No	No	Jun 16, 2025

Wiz Vulnerability Database

Explore by technology

Popular filters

High Profile

Most Recent

Vulnerabilities by the numbers

The good, the bad, and the vulnerable

Additional Wiz resources

Cloud Vulnerability DB

Cloud threat landscape

PEACH

Ready to see Wiz in action?