What is CVE-2025-29266?

CVE-2025-29266 is a critical-severity vulnerability in Unraid, classified under CWE-289. CVSS score: 9.6/10. Published 2025-03-31.

How severe is CVE-2025-29266?

Critical severity. CVSS v3 base score is 9.6 out of 10.

Vulnerability in Unraid

CVE-2025-29266

Unraid 7.0.0 before 7.0.1 allows remote users to access the Unraid WebGUI and web console as root without authentication if a container is running in Host networking mode with Use Tailscale enabled.

EPSS: 0.011 (78.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.6 (Critical). Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H.

Affected products

Unraid — versions 7.0.0

Weakness classification (CWE)

CWE-289

References

github.com/unraid/webgui
docs.unraid.net/unraid-os/release-notes/7.0.1/
edac.dev/security/CVE-2025-29266/

Frequently asked questions

What is CVE-2025-29266?: CVE-2025-29266 is a critical-severity vulnerability in Unraid, classified under CWE-289. CVSS score: 9.6/10. Published 2025-03-31.
How severe is CVE-2025-29266?: Critical severity. CVSS v3 base score is 9.6 out of 10.