CVE-2025-29266
Published: 31 March 2025
Summary
CVE-2025-29266 is a critical-severity Authentication Bypass by Alternate Name (CWE-289) vulnerability in Unraid WebGUI (inferred from references). Its CVSS base score is 9.6 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 21.7% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-17 (Remote Access) and SI-2 (Flaw Remediation).
Deeper analysis
Unraid OS version 7.0.0 is affected by an authentication bypass vulnerability that grants remote attackers unauthenticated root access to the WebGUI and web console. The flaw is triggered specifically when a container runs in Host networking mode with the Use Tailscale option enabled; in that condition the management interfaces are exposed without requiring credentials. The issue is tracked as CWE-289 and carries a CVSS 3.1 score of 9.6.
An attacker positioned on the same network segment can reach the exposed interfaces and obtain full administrative control over the Unraid system, including the ability to execute arbitrary commands via the web console. No user interaction or prior authentication is needed once the container networking condition exists, enabling straightforward remote compromise of affected hosts.
The official Unraid 7.0.1 release notes and associated advisories direct administrators to upgrade immediately from any 7.0.0 release. The patch eliminates the authentication bypass for Tailscale-enabled Host-mode containers. The associated EPSS scores remain low, with a current value of 0.0109 and a peak of 0.0210.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-8729
Vulnerability details
Unraid 7.0.0 before 7.0.1 allows remote users to access the Unraid WebGUI and web console as root without authentication if a container is running in Host networking mode with Use Tailscale enabled.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Authentication bypass in WebGUI/web console when exposed via Host networking + Tailscale directly enables exploitation of a remotely accessible application for initial root access.
Mitigating Controls (NIST 800-53 r5)
- Directly remediates the authentication bypass flaw by requiring identification, reporting, and correction via patching to Unraid 7.0.1 or later.
- Mandates control and authentication of remote access methods, blocking unauthenticated exploitation of WebGUI and web console from adjacent networks.
- Enforces secure baseline configuration settings to prohibit risky container setups like host networking mode with Tailscale that expose vulnerable interfaces.