CVE-2025-10678

Vulnerability Description

NetBird VPN when installed using vendor's provided script failed to remove or change default password of an admin account created by ZITADEL. This issue affects instances installed using vendor's provided script. This issue may affect instances created with Docker if the default password was not changed nor the user was removed. This issue has been fixed in version 0.57.0

Related Weaknesses (CWE)

CWE-1392

References

https://cert.pl/en/posts/2025/10/CVE-2025-10678
https://netbird.io/

FAQ

What is CVE-2025-10678?

CVE-2025-10678 is a documented vulnerability. NetBird VPN when installed using vendor's provided script failed to remove or change default password of an admin account created by ZITADEL. This issue affects instances installed using vendor's prov...

How severe is CVE-2025-10678?

CVSS scoring is not yet available for CVE-2025-10678. Check NVD for updates.

Is there a patch for CVE-2025-10678?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.