CVE-2025-29266

Severity: Critical

Published: 31 March 2025

Modified: 15 April 2026
KEV Added: not listed
Patch: available (Unraid 7.0.1)
CVSS v3.1 score: 9.6 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
EPSS score: 0.0109 (78.3rd percentile)
Risk priority: 20 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-29266 is a critical-severity Authentication Bypass by Alternate Name (CWE-289) vulnerability in Unraid WebGUI (inferred from references). Its CVSS base score is 9.6 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 21.7% of CVEs by exploit likelihood (EPSS), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-17 (Remote Access) and SI-2 (Flaw Remediation).

Deeper analysis

Unraid OS 7.0.0 (all 7.0.0 releases before 7.0.1) is affected by an authentication bypass vulnerability that grants remote attackers unauthenticated root access to the WebGUI and web console. The flaw is triggered specifically when a container runs in Host networking mode with the Use Tailscale option enabled; under that condition the management interfaces are exposed without requiring credentials. The issue is tracked as CWE-289 and carries a CVSS 3.1 score of 9.6.

An attacker positioned on the same network segment can reach the exposed interfaces and obtain full administrative control over the Unraid system, including the ability to execute arbitrary commands via the web console. No user interaction or prior authentication is needed once the container networking condition exists, enabling straightforward remote compromise of affected hosts.

The official Unraid 7.0.1 release notes and associated advisories direct administrators to upgrade immediately from any 7.0.0 release. The patch eliminates the authentication bypass for Tailscale-enabled Host-mode containers. The associated EPSS scores remain low, with a current value of 0.0109 and a peak of 0.0210.

Vulnerability details

Unraid 7.0.0 before 7.0.1 allows remote users to access the Unraid WebGUI and web console as root without authentication if a container is running in Host networking mode with Use Tailscale enabled.

CWE(s)

CWE-289 Authentication Bypass by Alternate Name

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-inferred)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Authentication bypass in WebGUI/web console when exposed via Host networking + Tailscale directly enables exploitation of a remotely accessible application for initial root access.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2024-11283 (shared CWE-289)
CVE-2025-13613 (shared CWE-289)
CVE-2024-56511 (shared CWE-289)
CVE-2026-32036 (shared CWE-289)
CVE-2025-55130 (shared CWE-289)
CVE-2026-24058 (shared CWE-289)

Affected Assets

Unraid WebGUI (inferred from references and description; NVD did not file a CPE for this CVE)

Mitigating Controls

Mitigating Controls (NIST 800-53 r5, AI-inferred)

Prevent: SI-2 (Flaw Remediation)

Directly remediates the authentication bypass flaw by requiring identification, reporting, and correction via patching to Unraid 7.0.1 or later.

Prevent: AC-17 (Remote Access)

Mandates control and authentication of remote access methods, blocking unauthenticated exploitation of WebGUI and web console from adjacent networks.

Prevent: secure configuration settings

Enforces secure baseline configuration settings to prohibit risky container setups like host networking mode with Tailscale that expose vulnerable interfaces.
