CVE-2024-55225

Critical

Published: 09 January 2025

Published

09 January 2025

Modified

20 June 2025

KEV Added

—

Patch

—

CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0031 54.0th percentile

Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-55225 is a critical-severity Incorrect Default Permissions (CWE-276) vulnerability in Dani-Garcia Vaultwarden. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 46.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and IA-2 (Identification and Authentication (Organizational Users)).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Requires timely identification, reporting, and correction of flaws like this authentication bypass vulnerability in Vaultwarden's identity API.

AC-3 Access Enforcement good match

prevent

Mandates enforcement of approved authorizations, directly countering the failed access enforcement that allowed impersonation via crafted requests.

IA-2 Identification and Authentication (Organizational Users) good match

prevent

Ensures unique identification and authentication for organizational users, preventing bypasses that enable attacker impersonation of users and administrators.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

Why these techniques?

Remote unauthenticated authentication bypass in public-facing Vaultwarden server directly enables exploitation of the application for initial access and account impersonation.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

An issue in the component src/api/identity.rs of Vaultwarden prior to v1.32.5 allows attackers to impersonate users, including Administrators, via a crafted authorization request.

Deeper analysisAI

CVE-2024-55225 is a critical authentication bypass vulnerability (CVSS 3.1 score of 9.8) in the src/api/identity.rs component of Vaultwarden, an open-source Bitwarden-compatible password manager server, affecting versions prior to 1.32.5. The flaw, tied to CWE-276 (Incorrect Default Permissions), enables attackers to impersonate any user, including administrators, by crafting a malicious authorization request. This issue was publicly disclosed on January 9, 2025.

The vulnerability is exploitable remotely over the network with low complexity, requiring no privileges, no user interaction, and no special setup (AV:N/AC:L/PR:N/UI:N/S:U). Any unauthenticated attacker can send a specially crafted request to the identity API endpoint, bypassing authentication checks and assuming the identity of legitimate users or admins. Successful exploitation grants full access to the victim's account, potentially allowing theft of stored credentials, organization data, or administrative control over the Vaultwarden instance, such as user management or configuration changes.

Mitigation requires upgrading to Vaultwarden version 1.32.5 or later, as detailed in the project's release notes on GitHub (tags 1.32.4 and 1.32.5). A vulnerability disclosure from Insinuator.net provides additional technical details on the authentication bypass mechanism and recommends immediate patching, with no workarounds mentioned for affected versions.