CVE-2025-9276 – Cockroach Labs cockroach-k8s-request-cert Empty Root Password Authentication Bypass

September 2, 2025

CVE ID : CVE-2025-9276

Published : Sept. 2, 2025, 8:15 p.m. | 6 hours, 29 minutes ago

Description : Cockroach Labs cockroach-k8s-request-cert Empty Root Password Authentication Bypass Vulnerability. This vulnerability could allow remote attackers to bypass authentication on systems that use the affected version of the Cockroach Labs cockroach-k8s-request-cert container image.

The specific flaw exists within the configuration of the system shadow file. The issue results from a blank password setting for the root user. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-22195.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-22419 – Google Android Tapjacking Overlay Vulnerability

Next Article CVE-2025-8302 – Realtek rtl81xx SDK Wi-Fi Driver Heap-based Buffer Overflow Local Privilege Escalation Vulnerability

Designing For TV: Principles, Patterns And Practical Guidance (Part 2)

Neo4j introduces new graph architecture that allows operational and analytics workloads to be run together

Beyond the benchmarks: Understanding the coding personalities of different LLMs

Top 10 Use Cases of Vibe Coding in Large-Scale Node.js Applications

Building smarter interactions with MCP elicitation: From clunky tool calls to seamless user experiences

From Zero to MCP: Simplifying AI Integrations with xmcp

Distribution Release: Linux Mint 22.2

Coded Smorgasbord: Basically, a Smorgasbord

Drupal 11’s AI Features: What They Actually Mean for Your Team

Drupal 11’s AI Features: What They Actually Mean for Your Team

Why Data Governance Matters More Than Ever in 2025?

Perficient Included in the IDC Market Glance for Digital Business Professional Services, 3Q25

How DevOps Teams Are Redefining Reliability with NixOS and OSTree-Powered Linux

How DevOps Teams Are Redefining Reliability with NixOS and OSTree-Powered Linux

Distribution Release: Linux Mint 22.2

‘Cronos: The New Dawn’ was by far my favorite experience at Gamescom 2025 — Bloober might have cooked an Xbox / PC horror masterpiece

CVE-2025-9276 – Cockroach Labs cockroach-k8s-request-cert Empty Root Password Authentication Bypass

Critical Linux UDisks Daemon Vulnerability (CVE-2025-8067) Exposes Privileged Data to Local Attackers

Google Slapped with $381 Million Fine in France Over Gmail Ads, Cookie Consent Missteps

‘The budget card to beat right now’ — Radeon RX 9060 XT reviews are in, and it looks like a win for AMD

CVE-2025-32390 – EspoCRM HTML Injection Vulnerability

ChatGPT is back (mostly)! OpenAI outage ends as services recover. (Update)

CVE-2025-42996 – SAP MDM Server Session Hijacking Vulnerability

Xbox says all the games shown in the 2025 Showcase are still coming — but why should we believe them?

5 Linux distros for businesses looking to save money and protect their assets

My Favorite Obsidian Plugins and Their Hidden Settings

AI Tools vs AI Agents: Differences & How To Use

CVE-2025-9276 – Cockroach Labs cockroach-k8s-request-cert Empty Root Password Authentication Bypass

Related Posts