CVE-2025-68435
Published: 17 December 2025
Summary
CVE-2025-68435 is a critical-severity Authentication Bypass by Primary Weakness (CWE-305) vulnerability in Nicotsx Zerobyte. Its CVSS base score is 9.1 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 30.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and AC-3 (Access Enforcement).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- AC-3 (Access Enforcement): Enforces approved authorizations for access to system resources, directly addressing the failure of authentication middleware to protect API endpoints.
- AC-14 (Permitted Actions Without Identification or Authentication): Limits and explicitly authorizes only defined actions without identification or authentication, preventing unauthorized access to sensitive API endpoints.
- Flaw remediation: Requires timely identification, reporting, and remediation of flaws like this authentication bypass through software upgrades to fixed versions.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability is an authentication bypass in a network-accessible API of a backup tool, directly enabling exploitation of a public-facing application for unauthorized access to sensitive data and configurations.
NVD Description
Zerobyte is a backup automation tool. Zerobyte versions prior to 0.18.5 and 0.19.0 contain an authentication bypass vulnerability where authentication middleware is not properly applied to API endpoints. This results in certain API endpoints being accessible without valid session credentials. This is dangerous for those who have exposed Zerobyte to be used outside of their internal network. A fix has been applied in both version 0.19.0 and 0.18.5. If immediate upgrade is not possible, restrict network access to the Zerobyte instance to trusted networks only using firewall rules or network segmentation. This is only a temporary mitigation; upgrading is strongly recommended.
Deeper analysis
CVE-2025-68435 is an authentication bypass vulnerability affecting Zerobyte, an open-source backup automation tool. Versions prior to 0.18.5 and 0.19.0 fail to properly apply authentication middleware to certain API endpoints, allowing unauthorized access without valid session credentials. The issue, mapped to CWE-305 (Authentication Bypass by Primary Weakness), carries a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N), indicating critical severity due to high impacts on confidentiality and integrity.
Remote attackers with network access to a Zerobyte instance can exploit this vulnerability without privileges, user interaction, or special conditions. By directly targeting unprotected API endpoints, they can achieve high-level unauthorized access, potentially reading sensitive backup data or modifying configurations and operations, especially in deployments exposed beyond internal networks.
The Zerobyte security advisory (GHSA-x539-c98q-38gv) and related GitHub issue (#161) detail patches in versions 0.18.5 and 0.19.0 via commit 13e080a18967705bd2b4e110e5f7693fdca1c692. Immediate upgrades are recommended; as a temporary measure, administrators should restrict network access to trusted networks using firewall rules or segmentation.
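The weakness class described above (CWE-305, a session-checking middleware that is not in front of every API route) is easiest to see in a small middleware pipeline. The following is an added, generic JavaScript example written for this page; it is not Zerobyte's code, and the route names, the session shape, and the handler bodies are constructed assumptions. It mimics the registration-order semantics of common Node.js routers, shows the vulnerable wiring beside the fixed wiring, and includes the audit a defender would run: list every route under the API prefix that has no authentication middleware registered ahead of it.

```javascript
// Added example (not Zerobyte's code): a minimal, framework-free middleware
// pipeline that behaves like the layer ordering of common Node.js routers,
// plus an audit that lists routes reachable with no session check in front
// of them. Route names and the session shape are assumptions for illustration.

// Session-checking middleware: rejects the request unless a session with a
// user id is attached (how the session is resolved is out of scope here).
function requireSession(req, next) {
  if (!req.session || !req.session.userId) {
    return { status: 401, body: 'unauthorized' };
  }
  return next();
}

class Router {
  constructor() {
    this.layers = []; // middleware and routes, in registration order
  }
  // Middleware runs for every request whose path starts with `prefix`.
  use(prefix, fn) {
    this.layers.push({ kind: 'middleware', prefix, fn });
  }
  // A route answers exactly one method + path and ends the chain.
  route(method, path, handler) {
    this.layers.push({ kind: 'route', method, path, handler });
  }
  handle(req) {
    const matching = this.layers.filter((l) =>
      l.kind === 'middleware'
        ? req.path.startsWith(l.prefix)
        : l.method === req.method && l.path === req.path
    );
    let i = 0;
    const next = () => {
      const layer = matching[i++];
      if (!layer) return { status: 404, body: 'not found' };
      return layer.kind === 'middleware' ? layer.fn(req, next) : layer.handler(req);
    };
    return next();
  }
  // Audit: paths of routes under `prefix` that no `authFn` layer, registered
  // earlier and covering that path, protects. A middleware registered after a
  // route never runs for it, so registration order matters as much as the prefix.
  unprotectedRoutes(authFn, prefix = '/api') {
    const out = [];
    this.layers.forEach((layer, idx) => {
      if (layer.kind !== 'route' || !layer.path.startsWith(prefix)) return;
      const guarded = this.layers
        .slice(0, idx)
        .some((l) => l.kind === 'middleware' && l.fn === authFn && layer.path.startsWith(l.prefix));
      if (!guarded) out.push(layer.path);
    });
    return out;
  }
}

// Constructed handlers standing in for data-returning API endpoints.
const listBackups = () => ({ status: 200, body: ['nightly', 'weekly'] });
const readSettings = () => ({ status: 200, body: { retentionDays: 30 } });

// Vulnerable wiring: one route is registered before the session middleware,
// so the middleware is never in its chain and the endpoint answers anonymously.
function buildVulnerable() {
  const r = new Router();
  r.route('GET', '/api/backups', listBackups); // registered too early
  r.use('/api', requireSession);
  r.route('GET', '/api/settings', readSettings);
  return r;
}

// Fixed wiring: the session middleware is registered on the API prefix before
// any route, so every /api route inherits it.
function buildFixed() {
  const r = new Router();
  r.use('/api', requireSession);
  r.route('GET', '/api/backups', listBackups);
  r.route('GET', '/api/settings', readSettings);
  return r;
}

const anon = { method: 'GET', path: '/api/backups' };
console.log('vulnerable, no session:', buildVulnerable().handle(anon).status); // 200
console.log('vulnerable audit:', buildVulnerable().unprotectedRoutes(requireSession)); // [ '/api/backups' ]
console.log('fixed, no session:', buildFixed().handle(anon).status); // 401
console.log('fixed audit:', buildFixed().unprotectedRoutes(requireSession)); // []
```

The audit is the part worth keeping around: run it against the real router's layer table at startup or in CI and fail the build when it returns anything, so a route added before the middleware, or under a prefix the middleware does not cover, is caught before it is exposed. Combined with the network restriction the advisory recommends, it turns the "middleware not properly applied" failure mode into something that is detected rather than discovered.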
Details
- CWE(s)