ByteOS Network

NVD Vulnerability Details :

CVE-2025-68435

Awaiting Analysis

Source-security-advisories@github.com

Published At-17 Dec, 2025 | 23:16

Updated At-18 Dec, 2025 | 15:07

Zerobyte is a backup automation tool Zerobyte versions prior to 0.18.5 and 0.19.0 contain an authentication bypass vulnerability where authentication middleware is not properly applied to API endpoints. This results in certain API endpoints being accessible without valid session credentials. This is dangerous for those who have exposed Zerobyte to be used outside of their internal network. A fix has been applied in both version 0.19.0 and 0.18.5. If immediate upgrade is not possible, restrict network access to the Zerobyte instance to trusted networks only using firewall rules or network segmentation. This is only a temporary mitigation; upgrading is strongly recommended.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	9.1	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Type: Secondary

Version: 3.1

Base score: 9.1

Base severity: CRITICAL

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Weaknesses

CWE ID	Type	Source
CWE-305	Primary	security-advisories@github.com

CWE ID: CWE-305

Type: Primary

Source: security-advisories@github.com

References

Hyperlink	Source	Resource
https://github.com/nicotsx/zerobyte/commit/13e080a18967705bd2b4e110e5f7693fdca1c692	security-advisories@github.com	N/A
https://github.com/nicotsx/zerobyte/issues/161	security-advisories@github.com	N/A
https://github.com/nicotsx/zerobyte/security/advisories/GHSA-x539-c98q-38gv	security-advisories@github.com	N/A