CVE-2025-29266
Vulnerability: CVE-2025-29266
Description: Unraid 7.0.0 before 7.0.1 allows remote users to access the Unraid WebGUI and web console as root without authentication if a container is running in Host networking mode with Use Tailscale enabled.
Severity: Critical (CVSS v3.1 Score: 9.6)
Known Exploit: Remote, unauthenticated root access to the Unraid WebGUI and web console.
Remediation / Mitigation Strategy
Immediate Action (Upgrade to Unraid 7.0.1 or Later): The primary and most effective remediation is to upgrade to Unraid 7.0.1 or a later version. This release directly addresses the vulnerability.
Disable Tailscale in Host Networking Mode (Temporary Mitigation): If an immediate upgrade is not possible, a temporary mitigation is to either:
- Avoid running containers in Host networking mode.
- Disable the “Use Tailscale” option for containers running in Host networking mode. This will eliminate the vulnerable configuration.
Review Container Configurations: Audit all container configurations, particularly those using Host networking mode. Ensure that only necessary containers are using this mode, and that the “Use Tailscale” setting is disabled for any that do.
Network Segmentation (Defense in Depth): Implement network segmentation to limit the impact of a successful exploit. Restrict access to the Unraid server from untrusted networks.
Monitor for Suspicious Activity: Monitor system logs, network traffic, and user activity for any signs of unauthorized access or malicious behavior. Pay particular attention to activity on the WebGUI and web console.
Implement Multi-Factor Authentication (MFA) (Future Strengthening): As an additional layer of security, enable MFA on all user accounts after patching, where available. This will make it more difficult for attackers to gain access even if other vulnerabilities are discovered in the future.
Regular Security Audits: Schedule regular security audits of the Unraid system and its configuration to identify and address potential vulnerabilities proactively.
Stay Informed: Subscribe to security advisories and vulnerability databases to stay informed about new threats and security updates for Unraid and related software.
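The version check under Immediate Action and the container audit under Review Container Configurations can be scripted. The POSIX shell script below is an added example, not part of this advisory and not Unraid's own tooling. It assumes (none of this is stated on the page) that /etc/unraid-version contains a line of the form version="7.0.0", that user container templates are stored as XML files under /boot/config/plugins/dockerMan/templates-user/, and that the Host network mode and the "Use Tailscale" toggle appear in those templates as <Network>host</Network> and <TailscaleEnabled>true</TailscaleEnabled>. Verify those paths and element names against your own system before relying on the output.

```shell
#!/bin/sh
# Added audit helper for CVE-2025-29266 (example code, not from the advisory or Unraid).
# Assumptions (not stated on the advisory page):
#   - /etc/unraid-version holds a line such as:  version="7.0.0"
#   - user container templates live in /boot/config/plugins/dockerMan/templates-user/*.xml
#   - a template marks Host networking as <Network>host</Network> and the
#     "Use Tailscale" toggle as <TailscaleEnabled>true</TailscaleEnabled>
# Both locations can be overridden through the environment for testing.

TEMPLATE_DIR="${TEMPLATE_DIR:-/boot/config/plugins/dockerMan/templates-user}"
VERSION_FILE="${VERSION_FILE:-/etc/unraid-version}"

# Return 0 when the version string is in the affected range (7.0.0, before 7.0.1),
# including any 7.0.0 pre-release suffix; return 1 otherwise.
version_is_affected() {
  case "$1" in
    7.0.0|7.0.0-*) return 0 ;;
    *) return 1 ;;
  esac
}

# Pull the bare version out of a file holding  version="x.y.z"  (first match only).
read_unraid_version() {
  sed -n 's/^version="\([^"]*\)".*$/\1/p' "$1" | head -n 1
}

# Inspect one template. Print the container name and return 0 only when it
# combines Host networking with Use Tailscale enabled; return 1 otherwise.
template_is_exposed() {
  f="$1"
  name=$(sed -n 's/.*<Name>\([^<]*\)<\/Name>.*/\1/p' "$f" | head -n 1)
  if grep -qi '<Network>host</Network>' "$f" \
     && grep -qi '<TailscaleEnabled>true</TailscaleEnabled>' "$f"; then
    echo "${name:-$f}"
    return 0
  fi
  return 1
}

# Walk a template directory and print the names of exposed containers, one per line.
# Always returns 0 so callers can collect the list; the caller decides the verdict.
audit_templates() {
  dir="$1"
  for f in "$dir"/*.xml; do
    [ -f "$f" ] || continue
    template_is_exposed "$f" || true
  done
  return 0
}

# Full check: report the installed version and any container in the vulnerable
# configuration. Returns 2 when at least one exposed container is found.
main() {
  ver=$(read_unraid_version "$VERSION_FILE" 2>/dev/null || true)
  if [ -n "$ver" ] && version_is_affected "$ver"; then
    echo "Unraid $ver is in the affected range: upgrade to 7.0.1 or later"
  else
    echo "Unraid version '${ver:-unknown}' is outside the affected range; the template audit is still worth running as defence in depth"
  fi
  exposed=$(audit_templates "$TEMPLATE_DIR")
  if [ -n "$exposed" ]; then
    echo "Containers combining Host networking with Use Tailscale enabled:"
    echo "$exposed"
    return 2
  fi
  echo "No container combines Host networking with Use Tailscale"
  return 0
}

# Run the live audit only when explicitly requested, so the functions can also be sourced.
if [ -n "${RUN_AUDIT:-}" ]; then
  main
fi
```

Run it on the server as RUN_AUDIT=1 sh audit.sh; an exit status of 2 means at least one container still has the vulnerable combination and should be corrected (remove Host networking or disable Use Tailscale) until the upgrade lands. The script reads the Unraid templates rather than the Docker daemon because Use Tailscale is an Unraid per-container setting, not a Docker network setting.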
Assigner
- MITRE
Date
- Published Date: 2025-03-31 00:00:00
- Updated Date: 2025-03-31 13:15:43