CVE-2025-55299: CWE-521: Weak Password Requirements in 7ritn VaulTLS
VaulTLS is a modern solution for managing mTLS (mutual TLS) certificates. Prior to 0.9.1, user accounts created through the User web UI have an empty but not NULL password set; attackers can use this to log in with an empty password. This is combined with the fact that, previously, disabling password-based login only affected the frontend but still allowed login via the API. This vulnerability is fixed in 0.9.1.
AI Analysis
Technical Summary
CVE-2025-55299 is a critical vulnerability affecting versions of 7ritn VaulTLS prior to 0.9.1. VaulTLS manages mutual TLS (mTLS) certificates, which many organisations use to authenticate services to one another and to secure internal communications, so the product's own authentication is a high-value target.

The flaw is really two defects that combine. First, user accounts created through the User web UI were stored with an empty-string password rather than a NULL (no password) value. Because the stored value is not NULL, the login code treats the account as password-enabled and compares the submitted password against the empty string, so anyone who knows or guesses a username can authenticate by submitting an empty password. Second, the setting that disables password-based login was enforced only in the frontend; the backend API continued to accept password logins. An attacker who calls the API directly therefore bypasses an administrator's attempt to turn password login off, and the administrator has no indication that the control is ineffective.

The issue is classified as CWE-521 (Weak Password Requirements). Its CVSS v3.1 score of 9.4 (critical) reflects that it is exploitable remotely over the network with no privileges and no user interaction, and that it yields full compromise of confidentiality and integrity with some impact on availability.

Version 0.9.1 fixes the vulnerability. No exploitation in the wild has been reported, but the attack is trivial to automate, so organisations running affected versions should treat upgrading to 0.9.1 or later as a priority.
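The two defects described above, modelled side by side with their corrected form. This is an added illustration written for this page, not VaulTLS source code: the names (User, Settings, create_user_*, api_login_*, audit_empty_passwords) are invented, and PBKDF2-HMAC-SHA256 from the Python standard library stands in for whatever password hash the real project uses. The audit helper at the end is the check an operator would run against an affected database before upgrading.

```python
"""Illustrative model of CVE-2025-55299 (added for this page; not VaulTLS code).

Two defects are modelled next to their corrected form:
  1. the UI user-creation path storing a hash of "" (empty but not NULL);
  2. the API login path not honouring the 'password login disabled' setting.
All names below are invented. PBKDF2-HMAC-SHA256 from the standard library
stands in for whatever password hash the real project uses.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Optional

PBKDF2_ROUNDS = 100_000


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2. Hashing "" yields a perfectly valid digest, which is
    exactly why an empty password 'works' once such a digest has been stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


@dataclass
class User:
    name: str
    salt: bytes
    password_hash: Optional[bytes]   # None models SQL NULL: "no password set"


@dataclass
class Settings:
    password_login_enabled: bool = True


# ---- affected behaviour (pre-0.9.1, as the advisory describes it) ----------

def create_user_affected(name: str) -> User:
    """UI creation path: the account is created without asking for a password,
    but the code hashes "" instead of leaving the column NULL."""
    salt = os.urandom(16)
    return User(name, salt, hash_password("", salt))


def api_login_affected(settings: Settings, user: User, password: str) -> bool:
    """API login: 'settings' is accepted but never consulted, so the
    disable-password-login switch only ever existed in the frontend."""
    if user.password_hash is None:
        return False
    candidate = hash_password(password, user.salt)
    return hmac.compare_digest(user.password_hash, candidate)


# ---- corrected behaviour ----------------------------------------------------

def create_user_fixed(name: str, password: Optional[str] = None) -> User:
    """No password supplied -> NULL; an explicit "" is refused outright."""
    if password == "":
        raise ValueError("empty password is not a password")
    salt = os.urandom(16)
    digest = None if password is None else hash_password(password, salt)
    return User(name, salt, digest)


def api_login_fixed(settings: Settings, user: User, password: str) -> tuple[bool, str]:
    """Server-side enforcement: every rule is checked in the API handler,
    so bypassing the frontend gains the attacker nothing."""
    if not settings.password_login_enabled:
        return False, "password login disabled"
    if user.password_hash is None:
        return False, "account has no password"
    if password == "":
        return False, "empty password rejected"
    if not hmac.compare_digest(user.password_hash, hash_password(password, user.salt)):
        return False, "invalid credentials"
    return True, "ok"


def audit_empty_passwords(users: list[User]) -> list[str]:
    """Names of accounts whose stored hash is the hash of "" (the pre-upgrade
    check an operator would run against an affected database)."""
    return [u.name for u in users
            if u.password_hash is not None
            and hmac.compare_digest(u.password_hash, hash_password("", u.salt))]


if __name__ == "__main__":
    off = Settings(password_login_enabled=False)
    alice = create_user_affected("alice")
    print("affected, login disabled, empty password:", api_login_affected(off, alice, ""))
    print("accounts with empty password:", audit_empty_passwords([alice]))
    bob = create_user_fixed("bob")
    print("fixed, NULL-password account, empty password:", api_login_fixed(Settings(), bob, ""))
    carol = create_user_fixed("carol", "correct horse battery staple")
    print("fixed, real password, login enabled:",
          api_login_fixed(Settings(), carol, "correct horse battery staple"))
    print("fixed, real password, login disabled:",
          api_login_fixed(off, carol, "correct horse battery staple"))
```

The point of the NULL-versus-empty distinction is visible in `api_login_affected`: the only guard it has is "is a hash present?", and a hash of the empty string satisfies it. The corrected handler checks the setting, the NULL case and the empty submission before it ever touches the hash, and does so in the API rather than in the browser.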
Potential Impact
For European organisations the impact can be significant. VaulTLS manages mTLS certificates, which are commonly used to authenticate services to one another and to protect internal data exchanges. An unauthenticated attacker who logs in with an empty password obtains the privileges of that user account and can potentially issue, renew or revoke certificates. Unauthorised issuance can give the attacker certificates that mTLS-protected services trust, enabling impersonation of clients, interception of traffic and lateral movement; unauthorised revocation can cut legitimate services off. The confidentiality and integrity of every communication that relies on these certificates are therefore at risk, along with service availability.

Certificate management is critical in sectors such as finance, healthcare, government and critical infrastructure, so a compromise can also carry consequences under GDPR and other compliance obligations. Because the frontend restriction can be bypassed by calling the API directly, administrators who believed password login was disabled may have been exposed without knowing it, which complicates both detection and scoping of an incident. The absence of any authentication or user-interaction requirement makes mass automated exploitation feasible.
Mitigation Recommendations
1. Upgrade to VaulTLS 0.9.1 or later. This is the only complete fix.
2. Until the upgrade is done, restrict network access to the VaulTLS web UI and API to trusted internal networks using segmentation and firewall rules. Do not rely on the "disable password login" setting in affected versions: it only hides the option in the frontend, and the API still accepts password logins.
3. Audit existing accounts. Any account created through the User web UI on an affected version should be assumed to have an empty password; set a strong password on each such account where the product allows it, or remove the account.
4. Log and monitor authentication attempts on the API as well as the frontend. Alert on successful logins for accounts that should not be using password authentication, on logins from unexpected source addresses, and on bursts of attempts across many usernames (an attacker only needs to enumerate usernames, not passwords).
5. Where the deployment allows it, place the API behind an additional authentication layer (a reverse proxy or API gateway requiring its own credentials, client certificates or MFA) so that the application login is not the only barrier.
6. Review the certificates VaulTLS has issued, renewed or revoked during the exposure window for entries no administrator can account for; revoke anything unauthorised and rotate affected keys.
7. Inform administrators of the issue and the need to apply the patch promptly.
8. If a WAF or API gateway fronts VaulTLS, add a temporary rule that rejects login requests whose password field is empty as a compensating control until the upgrade is complete.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Italy, Spain, Belgium, Poland, Switzerland
Technical Details
- Data Version: 5.1
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-08-12T16:15:30.238Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68a3673ead5a09ad00b0dd9d
Added to database: 8/18/2025, 5:47:42 PM
Last enriched: 8/18/2025, 6:03:24 PM
Last updated: 8/18/2025, 7:03:52 PM
Related Threats
- CVE-2025-53948: CWE-415 Double Free in Santesoft Sante PACS Server (High)
- CVE-2025-52584: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt (High)
- CVE-2025-46269: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt (High)
- CVE-2025-54862: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Santesoft Sante PACS Server (Medium)
- CVE-2025-54759: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Santesoft Sante PACS Server (Medium)