However, in a recent breach, several critical vulnerabilities have been discovered in Vaultwarden, a famous public-source choice for the Bitwarden password management server. The bugs can enable hackers to get illegal access to administrative commands, run arbitrary code, and increase privileges inside organizations using the platform.
Admin Panel Access via CSRF: CVE Pending (CVSS 7.1)
This flaw allows hackers to enter the Vaultwarden admin panel via a Cross-Site Request Forgery (CSRF) attack. Hackers can send unauthorized requests to the admin panel and adjust its settings by fooling a genuine user into opening a malicious webpage. This needs the DISABLE_ADMIN_TOKEN option to be activated because the authentication cookie will not be sent throughout site boundaries.
Remote Code Execution in Admin Panel: CVE-2025-24364 (CVSS 7.2)
A stronger flaw enables hackers with unauthorized access to th
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.