Summary: Critical vulnerabilities have been identified in Vaultwarden, a widely used open-source password management platform, posing risks such as unauthorized access and privilege escalation. Exploits can lead to remote code execution and unauthorized administrative control. Users are urged to update to version 1.33.0 or later to address these issues promptly.
Affected: Vaultwarden
Key points:
- Critical vulnerabilities identified in Vaultwarden versions <= 1.32.7.
- CVE-2025-24364 allows CSRF attacks to access the admin panel.
- CVE-2025-24364 enables remote code execution through the admin panel.
- CVE-2025-24365 allows privilege escalation, granting unauthorized ownership rights.
- Users must update to version 1.33.0 or later to mitigate risks.
- Recommendations include reviewing access controls and enabling multi-factor authentication.
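To act on the update recommendation across a fleet, an administrator first needs to know which instances still run an affected release. The following is an added example (not Vaultwarden's own code and not from the linked article) that parses a version string, compares it against the first fixed release 1.33.0 named above, and lists the hosts that need attention. It assumes versions follow MAJOR.MINOR.PATCH, optionally prefixed with `v` or suffixed with a tag such as `-alpine` as Docker image tags often are; the inventory at the bottom is constructed sample data.

```python
"""Triage helper: flag Vaultwarden instances at or below 1.32.7.

Added example, not part of the Vaultwarden project. Assumes version
strings look like "1.32.7", "v1.32.7" or "1.32.7-alpine".
"""
import re

# First release that the advisory names as fixed.
FIXED_VERSION = (1, 33, 0)

# MAJOR.MINOR.PATCH with optional leading "v" and optional "-tag"/"+build".
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:[-+].*)?$")


def parse_version(text):
    """Return (major, minor, patch) as ints, or raise ValueError."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.groups())


def is_affected(text):
    """True when the version is below the fixed release (i.e. <= 1.32.7)."""
    return parse_version(text) < FIXED_VERSION


def triage(inventory):
    """inventory maps host name -> reported version string.

    Returns a sorted list of hosts that need an update. A host whose
    version cannot be parsed is included too, because an unknown version
    should be reviewed rather than silently assumed safe.
    """
    needs_update = []
    for host, version in inventory.items():
        try:
            if is_affected(version):
                needs_update.append(host)
        except ValueError:
            needs_update.append(host)
    return sorted(needs_update)


if __name__ == "__main__":
    # Constructed sample inventory; host names and versions are made up.
    sample = {
        "vault-prod-1": "1.32.7",
        "vault-prod-2": "v1.33.0-alpine",
        "vault-staging": "1.30.5",
        "vault-lab": "unknown",
    }
    print("hosts needing update:", triage(sample))
```

Tuple comparison does the right thing for multi-digit components (1.9.0 sorts below 1.33.0), which a plain string comparison would get wrong; that is the main reason to parse rather than compare the raw strings.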
Source: https://securityonline.info/password-management-at-risk-vaultwarden-vulnerabilities-expose-millions/