Summary
On January 29, 2026, a critical vulnerability was disclosed (CVE-2025-69929) affecting N3uron v1.21 and earlier. This vulnerability allows authenticated Web UI users to access the password hashes of all users registered on the node and potentially crack those hashes to obtain plaintext credentials.
We take this issue very seriously. Upon becoming aware of it on February 4, 2026, we immediately began working on a fix and released N3uron v1.21.15 on February 10, 2026. We strongly urge all customers running N3uron v1.21 to update their installations to this version as soon as possible.
N3uron v1.22 is not affected by this vulnerability and no action is required for installations running this version.
Description & Impact
A vulnerability in the N3uron Web User Interface allows an authenticated user to retrieve the password hashes of all users registered on the node by inspecting the responses returned by the module. Those hashes could potentially be cracked offline to obtain plaintext credentials, potentially allowing an attacker to escalate privileges by accessing higher-privileged accounts or reuse compromised credentials to gain unauthorized access to other systems.
Affected Versions
Remediation
Update to N3uron v1.21.15 or v1.22 as soon as possible.
The patched version is available for download at: 👉 https://n3uron.com/downloads-software/
Temporary Mitigations
We strongly recommend updating your N3uron installation to resolve this issue permanently. If an immediate update is not possible, the vulnerability can be mitigated by restricting user access to the Config section of the Web UI:
- Navigate to Config → Modules → WebUI
- Expand the WebUI configuration and open the Access section
- Select the role you want to restrict
- Click on Permissions → Config and set it to None
This will prevent low-privileged users from accessing the configuration interface where the vulnerability can be exploited.
Timeline
Looking Ahead
This incident has reinforced our commitment to the security of the N3uron platform. Beyond this fix, we are taking several steps to further strengthen our software and build confidence among our customers:
- Hardening Guide: We have documented a comprehensive hardening guide for N3uron that we encourage all customers to read and apply as appropriate to their environment.
- N3uron v1.22 – A major step forward in platform security: N3uron v1.22 represents a significant leap in the security of the platform. We have invested heavily in improving multiple areas including secure development practices, supply chain security, software distribution and integrity, and authentication mechanisms, among others. This is a path we are committed to continuing with every future release.
We are committed to transparency and continuous improvement, and we will keep our customers informed as these initiatives progress.
Contact
For questions or additional information regarding this advisory, please contact our team at [email protected]
