Vulnerability Details CVE-2025-9276
Cockroach Labs cockroach-k8s-request-cert Empty Root Password Authentication Bypass Vulnerability. This vulnerability could allow remote attackers to bypass authentication on systems that use the affected version of the Cockroach Labs cockroach-k8s-request-cert container image.
The specific flaw exists within the configuration of the system shadow file. The issue results from a blank password setting for the root user. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-22195.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 57.3%
CVSS Severity
CVSS v3 Score 9.8
Products affected by CVE-2025-9276
-
cpe:2.3:a:cockroachlabs:cockroach-k8s-request-cert:-