Common Weakness Enumeration

CWE-276

Allowed

Incorrect Default Permissions

Abstraction: Base · Status: Draft

During installation, installed file permissions are set to allow anyone to modify those files.

2034 vulnerabilities reference this CWE, most recent first.

CVE-2025-52900 (GCVE-0-2025-52900)

Vulnerability from cvelistv5 – Published: 2025-06-26 14:35 – Updated: 2025-06-26 14:43
VLAI
Title
File Browser has Insecure File Permissions
Summary
File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. The file access permissions for files uploaded to or created from File Browser are never explicitly set by the application. The same is true for the database used by File Browser. On standard servers using File Browser prior to version 2.33.7 where the umask configuration has not been hardened before, this makes all the stated files readable by any operating system account. Version 2.33.7 fixes the issue.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-276 - Incorrect Default Permissions
Assigner
References
Impacted products
Vendor Product Version
filebrowser filebrowser Affected: < 2.33.7
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-52900",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-26T14:43:22.621625Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-26T14:43:33.640Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "filebrowser",
          "vendor": "filebrowser",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 2.33.7"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. The file access permissions for files uploaded to or created from File Browser are never explicitly set by the application. The same is true for the database used by File Browser. On standard servers using File Browser prior to version 2.33.7 where the umask configuration has not been hardened before, this makes all the stated files readable by any operating system account. Version 2.33.7 fixes the issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-276",
              "description": "CWE-276: Incorrect Default Permissions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-26T14:35:50.452Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/filebrowser/filebrowser/security/advisories/GHSA-jj2r-455p-5gvf",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/filebrowser/filebrowser/security/advisories/GHSA-jj2r-455p-5gvf"
        },
        {
          "name": "https://github.com/filebrowser/filebrowser/commit/ca86f916216620365c0f81629c0934ce02574d76",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/filebrowser/filebrowser/commit/ca86f916216620365c0f81629c0934ce02574d76"
        }
      ],
      "source": {
        "advisory": "GHSA-jj2r-455p-5gvf",
        "discovery": "UNKNOWN"
      },
      "title": "File Browser has Insecure File Permissions"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-52900",
    "datePublished": "2025-06-26T14:35:50.452Z",
    "dateReserved": "2025-06-20T17:42:25.711Z",
    "dateUpdated": "2025-06-26T14:43:33.640Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-49843 (GCVE-0-2025-49843)

Vulnerability from cvelistv5 – Published: 2025-06-17 20:39 – Updated: 2025-06-18 15:48
VLAI
Title
conda-smithy Has Incorrect Default File Permissions
Summary
conda-smithy is a tool for combining a conda recipe with configurations to build using freely hosted CI services into a single repository. Prior to version 3.47.1, the travis_headers function in the conda-smithy repository creates files with permissions exceeding 0o600, allowing read and write access beyond the intended user/owner. This violates the principle of least privilege, which mandates restricting file permissions to the minimum necessary. An attacker could exploit this to access configuration files in shared hosting environments. This issue has been patched in version 3.47.1.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-276 - Incorrect Default Permissions
Assigner
Impacted products
Vendor Product Version
conda-forge conda-smithy Affected: < 3.47.1
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-49843",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-18T15:47:57.920540Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-18T15:48:45.983Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "conda-smithy",
          "vendor": "conda-forge",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 3.47.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "conda-smithy is a tool for combining a conda recipe with configurations to build using freely hosted CI services into a single repository. Prior to version 3.47.1, the travis_headers function in the conda-smithy repository creates files with permissions exceeding 0o600, allowing read and write access beyond the intended user/owner. This violates the principle of least privilege, which mandates restricting file permissions to the minimum necessary. An attacker could exploit this to access configuration files in shared hosting environments. This issue has been patched in version 3.47.1."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 2.7,
            "baseSeverity": "LOW",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "LOW",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-276",
              "description": "CWE-276: Incorrect Default Permissions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-17T20:39:52.569Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/conda-forge/conda-smithy/security/advisories/GHSA-h9v8-rrqg-3m95",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/conda-forge/conda-smithy/security/advisories/GHSA-h9v8-rrqg-3m95"
        },
        {
          "name": "https://github.com/conda-forge/conda-smithy/commit/24cc0a55a363479e797c825be3a7f2603ef374a1",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/conda-forge/conda-smithy/commit/24cc0a55a363479e797c825be3a7f2603ef374a1"
        },
        {
          "name": "https://github.com/conda-forge/conda-smithy/blob/1dc21086a476f6aeb6c1bad8bf58474bf3a8f8f0/conda_smithy/ci_register.py#L109-L111",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/conda-forge/conda-smithy/blob/1dc21086a476f6aeb6c1bad8bf58474bf3a8f8f0/conda_smithy/ci_register.py#L109-L111"
        }
      ],
      "source": {
        "advisory": "GHSA-h9v8-rrqg-3m95",
        "discovery": "UNKNOWN"
      },
      "title": "conda-smithy Has Incorrect Default File Permissions"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-49843",
    "datePublished": "2025-06-17T20:39:52.569Z",
    "dateReserved": "2025-06-11T14:33:57.800Z",
    "dateUpdated": "2025-06-18T15:48:45.983Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-49842 (GCVE-0-2025-49842)

Vulnerability from cvelistv5 – Published: 2025-06-17 14:02 – Updated: 2025-06-17 18:15
VLAI
Title
conda-forge-webservices Privilege Escalation Risk via Default Docker Root User
Summary
conda-forge-webservices is the web app deployed to run conda-forge admin commands and linting. Prior to version 2025.3.24, the conda_forge_webservice Docker container executes commands without specifying a user. By default, Docker containers run as the root user, which increases the risk of privilege escalation and host compromise if a vulnerability is exploited. This issue has been patched in version 2025.3.24.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-276 - Incorrect Default Permissions
Assigner
References
Impacted products
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-49842",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-17T14:16:50.613240Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-17T18:15:47.781Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "conda-forge-webservices",
          "vendor": "conda-forge",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 2025.3.24"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "conda-forge-webservices is the web app deployed to run conda-forge admin commands and linting. Prior to version 2025.3.24, the conda_forge_webservice Docker container executes commands without specifying a user. By default, Docker containers run as the root user, which increases the risk of privilege escalation and host compromise if a vulnerability is exploited. This issue has been patched in version 2025.3.24."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 1,
            "baseSeverity": "LOW",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "ACTIVE",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "LOW"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-276",
              "description": "CWE-276: Incorrect Default Permissions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-17T14:02:37.266Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/conda-forge/conda-forge-webservices/security/advisories/GHSA-3cj6-wc22-wvpv",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/conda-forge/conda-forge-webservices/security/advisories/GHSA-3cj6-wc22-wvpv"
        },
        {
          "name": "https://github.com/conda-forge/conda-forge-webservices/commit/c28b67f833f32299cc47eef8ad226ca991db67ae",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/conda-forge/conda-forge-webservices/commit/c28b67f833f32299cc47eef8ad226ca991db67ae"
        }
      ],
      "source": {
        "advisory": "GHSA-3cj6-wc22-wvpv",
        "discovery": "UNKNOWN"
      },
      "title": "conda-forge-webservices Privilege Escalation Risk via Default Docker Root User"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-49842",
    "datePublished": "2025-06-17T14:02:37.266Z",
    "dateReserved": "2025-06-11T14:33:57.800Z",
    "dateUpdated": "2025-06-17T18:15:47.781Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-49144 (GCVE-0-2025-49144)

Vulnerability from cvelistv5 – Published: 2025-06-23 19:01 – Updated: 2026-02-26 17:50
VLAI
Title
Notepad++ Privilege Escalation in Installer via Uncontrolled Executable Search Path
Summary
Notepad++ is a free and open-source source code editor. In versions 8.8.1 and prior, a privilege escalation vulnerability exists in the Notepad++ v8.8.1 installer that allows unprivileged users to gain SYSTEM-level privileges through insecure executable search paths. An attacker could use social engineering or clickjacking to trick users into downloading both the legitimate installer and a malicious executable to the same directory (typically Downloads folder - which is known as Vulnerable directory). Upon running the installer, the attack executes automatically with SYSTEM privileges. This issue has been fixed and will be released in version 8.8.2.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-272 - Least Privilege Violation
  • CWE-276 - Incorrect Default Permissions
  • CWE-427 - Uncontrolled Search Path Element
Assigner
Impacted products
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-49144",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-01T03:55:56.996774Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T17:50:26.914Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-12-24T14:46:08.689Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://www.vicarius.io/vsociety/posts/cve-2025-49144-detect-notepad-vulnerability"
          },
          {
            "url": "https://www.vicarius.io/vsociety/posts/cve-2025-49144-mitigate-notepad-vulnerability"
          },
          {
            "url": "https://www.vicarius.io/vsociety/posts/cve-2025-49144-detect-notepad-vulnerability-1"
          },
          {
            "url": "https://www.vicarius.io/vsociety/posts/cve-2025-49144-mitigate-notepad-vulnerability-1"
          }
        ],
        "title": "CVE Program Container",
        "x_generator": {
          "engine": "ADPogram 0.0.1"
        }
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "notepad-plus-plus",
          "vendor": "notepad-plus-plus",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 8.8.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Notepad++ is a free and open-source source code editor. In versions 8.8.1 and prior, a privilege escalation vulnerability exists in the Notepad++ v8.8.1 installer that allows unprivileged users to gain SYSTEM-level privileges through insecure executable search paths. An attacker could use social engineering or clickjacking to trick users into downloading both the legitimate installer and a malicious executable to the same directory (typically Downloads folder - which is known as Vulnerable directory). Upon running the installer, the attack executes automatically with SYSTEM privileges. This issue has been fixed and will be released in version 8.8.2."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-272",
              "description": "CWE-272: Least Privilege Violation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-276",
              "description": "CWE-276: Incorrect Default Permissions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-427",
              "description": "CWE-427: Uncontrolled Search Path Element",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-23T19:01:16.276Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/notepad-plus-plus/notepad-plus-plus/security/advisories/GHSA-9vx8-v79m-6m24",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/notepad-plus-plus/notepad-plus-plus/security/advisories/GHSA-9vx8-v79m-6m24"
        },
        {
          "name": "https://github.com/notepad-plus-plus/notepad-plus-plus/commit/f2346ea00d5b4d907ed39d8726b38d77c8198f30",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/notepad-plus-plus/notepad-plus-plus/commit/f2346ea00d5b4d907ed39d8726b38d77c8198f30"
        },
        {
          "name": "https://drive.google.com/drive/folders/11yeUSWgqHvt4Bz5jO3ilRRfcpQZ6Gvpn",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://drive.google.com/drive/folders/11yeUSWgqHvt4Bz5jO3ilRRfcpQZ6Gvpn"
        }
      ],
      "source": {
        "advisory": "GHSA-9vx8-v79m-6m24",
        "discovery": "UNKNOWN"
      },
      "title": "Notepad++ Privilege Escalation in Installer via Uncontrolled Executable Search Path"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-49144",
    "datePublished": "2025-06-23T19:01:16.276Z",
    "dateReserved": "2025-06-02T10:39:41.634Z",
    "dateUpdated": "2026-02-26T17:50:26.914Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-49006 (GCVE-0-2025-49006)

Vulnerability from cvelistv5 – Published: 2025-06-09 12:41 – Updated: 2025-06-09 15:06
VLAI
Title
Wasp has case insensitive OAuth ID vulnerability
Summary
Wasp (Web Application Specification) is a Rails-like framework for React, Node.js, and Prisma. Prior to version 0.16.6, Wasp authentication has a vulnerability in the OAuth authentication implementation (affecting only Keycloak with a specific config). Wasp currently lowercases OAuth user IDs before storing / fetching them. This behavior violates OAuth and OpenID Connect specifications and can result in user impersonation, account collisions, and privilege escalation. In practice, out of the OAuth providers that Wasp auth supports, only Keycloak is affected. Keycloak uses a lowercase UUID by default, but users can configure it to be case sensitive, making it affected. Google, GitHub, and Discord use numerical IDs, making them not affected. Users should update their Wasp version to `0.16.6` which has a fix for the problematic behavior. Users using Keycloak can work around the issue by not using a case sensitive user ID in their realm configuration.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-276 - Incorrect Default Permissions
Assigner
Impacted products
Vendor Product Version
wasp-lang wasp Affected: < 0.16.6
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-49006",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-09T15:02:32.241296Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-09T15:06:12.638Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "wasp",
          "vendor": "wasp-lang",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 0.16.6"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Wasp (Web Application Specification) is a Rails-like framework for React, Node.js, and Prisma. Prior to version 0.16.6, Wasp authentication has a vulnerability in the OAuth authentication implementation (affecting only Keycloak with a specific config). Wasp currently lowercases OAuth user IDs before storing / fetching them. This behavior violates OAuth and OpenID Connect specifications and can result in user impersonation, account collisions, and privilege escalation. In practice, out of the OAuth providers that Wasp auth supports, only Keycloak is affected. Keycloak uses a lowercase UUID by default, but users can configure it to be case sensitive, making it affected. Google, GitHub, and Discord use numerical IDs, making them not affected. Users should update their Wasp version to `0.16.6` which has a fix for the problematic behavior. Users using Keycloak can work around the issue by not using a case sensitive user ID in their realm configuration."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "HIGH"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-276",
              "description": "CWE-276: Incorrect Default Permissions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-09T12:41:51.697Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/wasp-lang/wasp/security/advisories/GHSA-qvjc-6xv7-6v5f",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/wasp-lang/wasp/security/advisories/GHSA-qvjc-6xv7-6v5f"
        },
        {
          "name": "https://github.com/wasp-lang/wasp/commit/433b9b7f491c172db656fb94cc85e5bd7d614b74",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/wasp-lang/wasp/commit/433b9b7f491c172db656fb94cc85e5bd7d614b74"
        },
        {
          "name": "https://wasp-lang.notion.site/PUB-Case-insensitive-OAuth-ID-vulnerability-20018a74854c8064a2bfebe4eaf5fceb",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wasp-lang.notion.site/PUB-Case-insensitive-OAuth-ID-vulnerability-20018a74854c8064a2bfebe4eaf5fceb"
        }
      ],
      "source": {
        "advisory": "GHSA-qvjc-6xv7-6v5f",
        "discovery": "UNKNOWN"
      },
      "title": "Wasp has case insensitive OAuth ID vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-49006",
    "datePublished": "2025-06-09T12:41:51.697Z",
    "dateReserved": "2025-05-29T16:34:07.175Z",
    "dateUpdated": "2025-06-09T15:06:12.638Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-48959 (GCVE-0-2025-48959)

Vulnerability from cvelistv5 – Published: 2025-06-04 12:02 – Updated: 2026-02-26 18:27
VLAI
Summary
Local privilege escalation due to insecure file permissions. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 40077.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
Vendor Product Version
Acronis Acronis Cyber Protect Cloud Agent Affected: unspecified , < 40077 (semver)
Create a notification for this product.
Credits
@mad31k (https://hackerone.com/mad31k)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-48959",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-05T03:55:18.201258Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T18:27:37.435Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "Acronis Cyber Protect Cloud Agent",
          "vendor": "Acronis",
          "versions": [
            {
              "lessThan": "40077",
              "status": "affected",
              "version": "unspecified",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "@mad31k (https://hackerone.com/mad31k)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Local privilege escalation due to insecure file permissions. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 40077."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-276",
              "description": "CWE-276",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-04T12:02:56.572Z",
        "orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
        "shortName": "Acronis"
      },
      "references": [
        {
          "name": "SEC-8133",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security-advisory.acronis.com/advisories/SEC-8133"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
    "assignerShortName": "Acronis",
    "cveId": "CVE-2025-48959",
    "datePublished": "2025-06-04T12:02:56.572Z",
    "dateReserved": "2025-05-29T00:22:59.556Z",
    "dateUpdated": "2026-02-26T18:27:37.435Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-48950 (GCVE-0-2025-48950)

Vulnerability from cvelistv5 – Published: 2025-06-03 18:16 – Updated: 2025-06-03 18:36
VLAI
Title
MaxKB Python Sandbox Bypass in Function Library
Summary
MaxKB is an open-source AI assistant for enterprise. Prior to version 1.10.8-lts, Sandbox only restricts the execution permissions of binary files in common directories, such as `/bin,/usr/bin`, etc. Therefore, attackers can exploit some files with execution permissions in non blacklisted directories to carry out attacks. Version 1.10.8-lts fixes the issue.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-276 - Incorrect Default Permissions
Assigner
Impacted products
Vendor Product Version
1Panel-dev MaxKB Affected: < 1.10.8-lts
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-48950",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-03T18:36:13.274100Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-03T18:36:25.824Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MaxKB",
          "vendor": "1Panel-dev",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.10.8-lts"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "MaxKB is an open-source AI assistant for enterprise. Prior to version 1.10.8-lts, Sandbox only restricts the execution permissions of binary files in common directories, such as `/bin,/usr/bin`, etc. Therefore, attackers can exploit some files with execution permissions in non blacklisted directories to carry out attacks. Version 1.10.8-lts fixes the issue."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "LOW",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:P",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-276",
              "description": "CWE-276: Incorrect Default Permissions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-03T18:16:09.060Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/1Panel-dev/MaxKB/security/advisories/GHSA-p2qq-x9j2-px8v",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/1Panel-dev/MaxKB/security/advisories/GHSA-p2qq-x9j2-px8v"
        },
        {
          "name": "https://github.com/1Panel-dev/MaxKB/pull/3127",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/1Panel-dev/MaxKB/pull/3127"
        },
        {
          "name": "https://github.com/1Panel-dev/MaxKB/commit/187e9c1e4ea1ebb6864c5bf61558c42f2fc6c005",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/1Panel-dev/MaxKB/commit/187e9c1e4ea1ebb6864c5bf61558c42f2fc6c005"
        },
        {
          "name": "https://github.com/1Panel-dev/MaxKB/releases/tag/v1.10.8-lts",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/1Panel-dev/MaxKB/releases/tag/v1.10.8-lts"
        }
      ],
      "source": {
        "advisory": "GHSA-p2qq-x9j2-px8v",
        "discovery": "UNKNOWN"
      },
      "title": "MaxKB Python Sandbox Bypass in Function Library"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-48950",
    "datePublished": "2025-06-03T18:16:09.060Z",
    "dateReserved": "2025-05-28T18:49:07.584Z",
    "dateUpdated": "2025-06-03T18:36:25.824Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-48516 (GCVE-0-2025-48516)

Vulnerability from cvelistv5 – Published: 2026-05-15 02:37 – Updated: 2026-05-15 16:36
VLAI
Summary
Insecure default configuration state of DDR5 memory module by AGESA Bootloader Firmware could allow an attacker with local user privilege to abuse the unprotected PMIC interface to create a permanent denial of service condition or affect the integrity of the memory module.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-276 - Incorrect Default Permissions
Assigner
AMD
Impacted products
Vendor Product Version
AMD AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics Unaffected: No fix planned
Create a notification for this product.
AMD AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics Unaffected: No fix planned
Create a notification for this product.
AMD AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics Unaffected: No fix planned
Create a notification for this product.
AMD AMD Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics Unaffected: No fix planned
Create a notification for this product.
AMD AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics Unaffected: No fix planned
Create a notification for this product.
AMD AMD Ryzen™ 7045 Series Mobile Processors with Radeon™ Graphics Unaffected: No fix planned
Create a notification for this product.
AMD AMD Ryzen™ 7000 Series Desktop Processors Unaffected: No fix planned
Create a notification for this product.
AMD AMD Ryzen™ 3000 Series Desktop Processors Unaffected: No fix planned
Create a notification for this product.
AMD AMD Ryzen™ Threadripper™ PRO 3000 WX-Series Processors Unaffected: No fix planned
Create a notification for this product.
AMD AMD Ryzen™ 7030 Series Mobile Processors with Radeon™ Graphics Unaffected: No fix planned
Create a notification for this product.
AMD AMD Ryzen™ Threadripper™ 3000 Processors Unaffected: No fix planned
Create a notification for this product.
AMD AMD Ryzen™ 9000HX Series Processors Unaffected: No fix planned
Create a notification for this product.
AMD AMD Ryzen™ AI 300 Series Processors Unaffected: No fix planned
Create a notification for this product.
AMD AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics Unaffected: No fix planned
Create a notification for this product.
AMD AMD Ryzen™ Threadripper™ PRO 5000 WX-Series Processors Unaffected: No fix planned
Create a notification for this product.
AMD AMD Ryzen™ Threadripper™ PRO 7000 WX-Series Processors Unaffected: No fix planned
Create a notification for this product.
AMD AMD Ryzen™ 8000 Series Desktop Processors Unaffected: No fix planned
Create a notification for this product.
AMD AMD Ryzen™ 9000 Series Desktop Processors Unaffected: No fix planned
Create a notification for this product.
AMD AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics Unaffected: No fix planned
Create a notification for this product.
AMD AMD Ryzen™ 4000 Series Desktop Processors Unaffected: No fix planned
Create a notification for this product.
AMD AMD Ryzen™ 5000 Series Desktop Processors Unaffected: No fix planned
Create a notification for this product.
AMD AMD Ryzen™ 5000 Series Desktop Processors with Radeon™ Graphics Unaffected: No fix planned
Create a notification for this product.
AMD AMD Ryzen™ 8040 Series Mobile Processors with Radeon™ Graphics Unaffected: No fix planned
Create a notification for this product.
AMD AMD Ryzen™ 3000 Series Mobile Processors with Radeon™ Graphics Unaffected: No fix planned
Create a notification for this product.
AMD AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics Unaffected: No fix planned
Create a notification for this product.
AMD AMD Ryzen™ AI Max 300 Series Processors Unaffected: No fix planned
Create a notification for this product.
AMD AMD Ryzen™ Z1 Series Processors Unaffected: No fix planned
Create a notification for this product.
AMD AMD Ryzen™ Z2 Series Processors Extreme Unaffected: No fix planned
Create a notification for this product.
AMD AMD Ryzen™ Z2 Series Processors Unaffected: No fix planned
Create a notification for this product.
AMD AMD Ryzen™ Z2 Series Processors Go Unaffected: No fix planned
Create a notification for this product.
AMD AMD Ryzen™ Threadripper™ PRO 7000 WX-Series Processors Unaffected: ShimadaPeakPI-SP6 1.0.0.1b
Create a notification for this product.
AMD AMD Ryzen™ Threadripper™ 7000 Processors Unaffected: ShimadaPeakPI-SP6 1.0.0.1b
Create a notification for this product.
AMD AMD Ryzen™ Threadripper™ 9000 Processors Unaffected: ShimadaPeakPI-SP6 1.0.0.1b
Create a notification for this product.
AMD AMD Ryzen™ Threadripper™ PRO 9000 WX-Series Processors Unaffected: ShimadaPeakPI-SP6 1.0.0.1b
Create a notification for this product.
Date Public
2026-05-15 02:37
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-48516",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-15T16:35:42.610757Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-15T16:36:41.669Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "No fix planned"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "No fix planned"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "No fix planned"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7040 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "No fix planned"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "No fix planned"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7045 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "No fix planned"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "No fix planned"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 3000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "No fix planned"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000 WX-Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "No fix planned"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7030 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "No fix planned"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000 WX-Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "No fix planned"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Threadripper\u2122 3000 Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "No fix planned"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 9000HX Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "No fix planned"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 AI 300 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "No fix planned"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "No fix planned"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 5000 WX-Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "No fix planned"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 7000 WX-Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "No fix planned"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "No fix planned"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "No fix planned"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 8000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "No fix planned"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 8000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "No fix planned"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 9000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "No fix planned"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "No fix planned"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "No fix planned"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 4000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "No fix planned"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "No fix planned"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Desktop Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "No fix planned"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 3000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "No fix planned"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "No fix planned"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 8040 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "No fix planned"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "No fix planned"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "No fix planned"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 AI Max 300 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "No fix planned"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Z1 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "No fix planned"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Z2 Series Processors Extreme",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "No fix planned"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Z2 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "No fix planned"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Z2 Series Processors Go",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "No fix planned"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 7000 WX-Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ShimadaPeakPI-SP6 1.0.0.1b"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Threadripper\u2122 7000  Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ShimadaPeakPI-SP6 1.0.0.1b"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Threadripper\u2122 9000 Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ShimadaPeakPI-SP6 1.0.0.1b"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 9000 WX-Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ShimadaPeakPI-SP6 1.0.0.1b"
            }
          ]
        }
      ],
      "datePublic": "2026-05-15T02:37:17.224Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Insecure default configuration state of DDR5 memory module by AGESA Bootloader Firmware could allow an attacker with local user privilege to abuse the unprotected PMIC interface to create a permanent denial of service condition or affect the integrity of the memory module.\u003cbr\u003e"
            }
          ],
          "value": "Insecure default configuration state of DDR5 memory module by AGESA Bootloader Firmware could allow an attacker with local user privilege to abuse the unprotected PMIC interface to create a permanent denial of service condition or affect the integrity of the memory module."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "LOW",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-276",
              "description": "CWE-276  Incorrect Default Permissions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-15T02:37:49.670Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4017.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "AMD PSIRT Automation 1.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2025-48516",
    "datePublished": "2026-05-15T02:37:49.670Z",
    "dateReserved": "2025-05-22T16:34:07.747Z",
    "dateUpdated": "2026-05-15T16:36:41.669Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-48512 (GCVE-0-2025-48512)

Vulnerability from cvelistv5 – Published: 2026-05-15 01:45 – Updated: 2026-05-16 03:56
VLAI
Summary
Incorrect default permissions in the installation directory for the AMD general-purpose input/output controller (GPIO) could allow an attacker to achieve privilege escalation resulting in arbitrary code execution.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-276 - Incorrect Default Permissions
Assigner
AMD
Impacted products
Vendor Product Version
AMD AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics (formerly codenamed "Renoir") Unaffected: 7.04.09.545
Create a notification for this product.
AMD AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics (formerly codenamed "Rembrandt R") Unaffected: 7.04.09.545
Create a notification for this product.
AMD AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics (formerly codenamed "Picasso") Unaffected: 7.04.09.545
Create a notification for this product.
AMD AMD Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics (formerly codenamed "Phoenix") Unaffected: 7.04.09.545
Create a notification for this product.
AMD AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics (formerly codenamed "Mendocino") Unaffected: 7.04.09.545
Create a notification for this product.
AMD AMD Ryzen™ 7045 Series Mobile Processors with Radeon™ Graphics (formerly codenamed "Dragon Range") Unaffected: 7.04.09.545
Create a notification for this product.
AMD AMD Ryzen™ 7000 Series Desktop Processors (formerly codenamed "Raphael"/"Raphael X3D") Unaffected: 7.04.09.545
Create a notification for this product.
AMD AMD Ryzen™ 3000 Series Desktop Processors (formerly codenamed "Matisse") Unaffected: 7.04.09.545
Create a notification for this product.
AMD AMD Ryzen™ Threadripper™ PRO 3000 WX-Series Processors (formerly codenamed "Castle Peak") Unaffected: 7.04.09.545
Create a notification for this product.
AMD AMD Ryzen™ 7030 Series Mobile Processors with Radeon™ Graphics (formerly codenamed "Barcelo R") Unaffected: 7.04.09.545
Create a notification for this product.
AMD AMD Ryzen™ Threadripper™ 3000 Processors (formerly codenamed "Castle Peak") Unaffected: 7.04.09.545
Create a notification for this product.
AMD AMD Ryzen™ 9000HX Series Processors Unaffected: 7.04.09.545
Create a notification for this product.
AMD AMD Ryzen™ AI 300 Series Processors (formerly codenamed "Strix Point") Unaffected: 7.04.09.545
Create a notification for this product.
AMD AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics (formerly codenamed "Picasso") Unaffected: 7.04.09.545
Create a notification for this product.
AMD AMD Ryzen™ Threadripper™ PRO 5000 WX-Series Processors (formerly codenamed "Chagall") Unaffected: 7.04.09.545
Create a notification for this product.
AMD AMD Ryzen™ Threadripper™ 7000 Processors (formerly codenamed "Storm Peak") Unaffected: 7.04.09.545
Create a notification for this product.
AMD AMD Ryzen™ Threadripper™ PRO 7000 WX-Series Processors (formerly codenamed "Storm Peak") Unaffected: 7.04.09.545
Create a notification for this product.
AMD AMD Ryzen™ 7000 Series Desktop Processors (formerly codenamed "Raphael"/"Raphael-X3D") Unaffected: 7.04.09.545
Create a notification for this product.
AMD AMD Ryzen™ 8000 Series Desktop Processors (formerly codenamed "Phoenix") Unaffected: 7.04.09.545
Create a notification for this product.
AMD AMD Ryzen™ 9000 Series Desktop Processors (formerly codenamed "Granite Ridge") Unaffected: 7.04.09.545
Create a notification for this product.
AMD AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics (formerly codenamed "Cezanne") Unaffected: 7.04.09.545
Create a notification for this product.
AMD AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics (formerly codenamed "Lucienne") Unaffected: 7.04.09.545
Create a notification for this product.
AMD AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics (formerly codenamed "Barcelo") Unaffected: 7.04.09.545
Create a notification for this product.
AMD AMD Ryzen™ 4000 Series Desktop Processors (formerly codenamed "Renoir") Unaffected: 7.04.09.545
Create a notification for this product.
AMD AMD Ryzen™ 5000 Series Desktop Processors (formerly codenamed "Vermeer") Unaffected: 7.04.09.545
Create a notification for this product.
AMD AMD Ryzen™ 5000 Series Desktop Processors with Radeon™ Graphics (formerly codenamed "Cezanne") Unaffected: 7.04.09.545
Create a notification for this product.
AMD AMD Ryzen™ 5000 Series Desktop Processors (formerly codenamed "Vermeer"/"Vermeer-X3D") Unaffected: 7.04.09.545
Create a notification for this product.
AMD AMD Ryzen™ 8040 Series Mobile Processors with Radeon™ Graphics (formerly codenamed "Hawk Point") Unaffected: 7.04.09.545
Create a notification for this product.
AMD AMD Ryzen™ 3000 Series Mobile Processors with Radeon™ Graphics (formerly codenamed "Dali") Unaffected: 7.04.09.545
Create a notification for this product.
AMD AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics (formerly codenamed "Dali") Unaffected: 7.04.09.545
Create a notification for this product.
AMD AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics (formerly codenamed "Rembrandt") Unaffected: 7.04.09.545
Create a notification for this product.
AMD AMD Ryzen™ AI Max 300 Series Processors Unaffected: 7.04.09.545
Create a notification for this product.
AMD AMD Ryzen™ Z1 Series Processors Unaffected: 7.04.09.545
Create a notification for this product.
AMD AMD Ryzen™ Embedded R1000 Series Processors Unaffected: 25Q3 AMD Emb [R1000 V1000] Win® Chipset WHQL certified driver - (71252)
Create a notification for this product.
AMD AMD Ryzen™ Embedded R2000 Series Processors Unaffected: Q2 - 2025 AMD Embedded R2000, V2000 Windows® Chipset drivers (68915)
Create a notification for this product.
AMD AMD Ryzen™ Embedded V1000 Series Processors (formerly codenamed "Raven Ridge") Unaffected: 25Q3 AMD Emb [R1000 V1000] Win® Chipset WHQL certified driver - (71252)
Create a notification for this product.
AMD AMD Ryzen™ Embedded V2000 Series Processors Unaffected: Q2 - 2025 AMD Embedded R2000, V2000 Windows® Chipset drivers (68915)
Create a notification for this product.
AMD AMD EPYC™ Embedded 8004 Series Processors Unaffected: Q4 - 2025 AMD Embedded Windows® Chipset drivers (71816)
Create a notification for this product.
AMD AMD Ryzen™ Embedded 8000 Series Processors Unaffected: Q2 - 2025 AMD Embedded Ryzen[7000 8000 9000] Windows® Chipset drivers [7.06.02.123] (68927)
Create a notification for this product.
AMD AMD Ryzen™ Embedded 7000 Series Processors Unaffected: Q2 - 2025 AMD Embedded Ryzen[7000 8000 9000] Windows® Chipset drivers [7.06.02.123] (68927)
Create a notification for this product.
AMD AMD EPYC™ Embedded 9005 Series Processors Unaffected: Q4 - 2025 AMD Embedded Windows® Chipset drivers (71816)
Create a notification for this product.
AMD AMD Ryzen™ Embedded 9000 Series Processors Unaffected: Q2 - 2025 AMD Embedded Ryzen[7000 8000 9000] Windows® Chipset drivers [7.06.02.123] (68927)
Create a notification for this product.
AMD AMD EPYC™ 9004 Series Processors Unaffected: AMD Server Software 8.03.16.641
Create a notification for this product.
AMD AMD EPYC™ 7003 Series Processors Unaffected: AMD Server Software 8.03.14.329
Create a notification for this product.
AMD AMD EPYC™ 7002 Series Processors Unaffected: AMD Server Software 8.03.14.329
Create a notification for this product.
AMD AMD EPYC™ 7001 Series Processors Unaffected: AMD Server Software 8.03.14.329
Create a notification for this product.
AMD AMD EPYC™ 4004 Series Processors Unaffected: AMD Chipset Driver 7.04.09.545
Create a notification for this product.
AMD AMD EPYC™ 9005 Series Processors Unaffected: AMD Server Software 8.03.16.641
Create a notification for this product.
AMD AMD Instinct™ MI300A Series Processors Unaffected: AMD Server Software 8.03.16.641
Create a notification for this product.
AMD AMD EPYC™ 9V64H Processor Unaffected: AMD Server Software 8.03.16.641
Create a notification for this product.
AMD AMD EPYC™ 8004 Series Processors Unaffected: AMD Server Software 8.03.16.641
Create a notification for this product.
AMD AMD EPYC™ 4005 Series Processors Unaffected: AMD Chipset Driver 7.04.09.545
Create a notification for this product.
Date Public
2026-05-15 01:49
Credits
Reported through AMD Bug Bounty Program
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-48512",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-15T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-16T03:56:09.610Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics (formerly codenamed \"Renoir\")",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "7.04.09.545"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics (formerly codenamed \"Rembrandt R\")",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "7.04.09.545"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics (formerly codenamed \"Picasso\")",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "7.04.09.545"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7040 Series Mobile Processors with Radeon\u2122 Graphics (formerly codenamed \"Phoenix\")",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "7.04.09.545"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics (formerly codenamed \"Mendocino\")",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "7.04.09.545"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7045 Series Mobile Processors with Radeon\u2122 Graphics (formerly codenamed \"Dragon Range\")",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "7.04.09.545"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7000 Series Desktop Processors (formerly codenamed \"Raphael\"/\"Raphael X3D\")",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "7.04.09.545"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 3000 Series Desktop Processors (formerly codenamed \"Matisse\")",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "7.04.09.545"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000 WX-Series Processors (formerly codenamed \"Castle Peak\")",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "7.04.09.545"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7030 Series Mobile Processors with Radeon\u2122 Graphics (formerly codenamed \"Barcelo R\")",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "7.04.09.545"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000 WX-Series Processors (formerly codenamed \"Castle Peak\")",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "7.04.09.545"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Threadripper\u2122 3000 Processors (formerly codenamed \"Castle Peak\")",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "7.04.09.545"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 9000HX Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "7.04.09.545"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 AI 300 Series Processors (formerly codenamed \"Strix Point\")",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "7.04.09.545"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics (formerly codenamed \"Picasso\")",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "7.04.09.545"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 5000 WX-Series Processors (formerly codenamed \"Chagall\")",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "7.04.09.545"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Threadripper\u2122 7000 Processors (formerly codenamed \"Storm Peak\")",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "7.04.09.545"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 7000 WX-Series Processors (formerly codenamed \"Storm Peak\")",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "7.04.09.545"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7000 Series Desktop Processors (formerly codenamed \"Raphael\"/\"Raphael-X3D\")",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "7.04.09.545"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 8000 Series Desktop Processors (formerly codenamed \"Phoenix\")",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "7.04.09.545"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 8000 Series Desktop Processors (formerly codenamed \"Phoenix\")",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "7.04.09.545"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 9000 Series Desktop Processors (formerly codenamed \"Granite Ridge\")",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "7.04.09.545"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics (formerly codenamed \"Cezanne\")",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "7.04.09.545"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics (formerly codenamed \"Lucienne\")",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "7.04.09.545"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics (formerly codenamed \"Barcelo\")",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "7.04.09.545"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 4000 Series Desktop Processors (formerly codenamed \"Renoir\")",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "7.04.09.545"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Desktop Processors (formerly codenamed \"Vermeer\")",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "7.04.09.545"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Desktop Processors with Radeon\u2122 Graphics (formerly codenamed \"Cezanne\")",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "7.04.09.545"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 3000 Series Desktop Processors (formerly codenamed \"Matisse\")",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "7.04.09.545"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Desktop Processors (formerly codenamed \"Vermeer\"/\"Vermeer-X3D\")",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "7.04.09.545"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 8040 Series Mobile Processors with Radeon\u2122 Graphics (formerly codenamed \"Hawk Point\")",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "7.04.09.545"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics (formerly codenamed \"Dali\")",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "7.04.09.545"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics (formerly codenamed \"Dali\")",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "7.04.09.545"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics (formerly codenamed \"Rembrandt\")",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "7.04.09.545"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 AI Max 300 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "7.04.09.545"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Z1 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "7.04.09.545"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded R1000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "25Q3 AMD Emb [R1000 V1000] Win\u00ae Chipset WHQL certified driver - (71252)"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded R2000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Q2 - 2025 AMD Embedded R2000, V2000 Windows\u00ae Chipset drivers (68915)"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded V1000 Series Processors (formerly codenamed \"Raven Ridge\")",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "25Q3 AMD Emb [R1000 V1000] Win\u00ae Chipset WHQL certified driver - (71252)"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded V2000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Q2 - 2025 AMD Embedded R2000, V2000 Windows\u00ae Chipset drivers (68915)"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 Embedded 8004 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Q4 - 2025 AMD Embedded Windows\u00ae Chipset drivers (71816)"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded 8000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Q2 - 2025 AMD Embedded Ryzen[7000 8000 9000] Windows\u00ae Chipset drivers [7.06.02.123] (68927)"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded 7000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Q2 - 2025 AMD Embedded Ryzen[7000 8000 9000] Windows\u00ae Chipset drivers [7.06.02.123] (68927)"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 Embedded 9005 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Q4 - 2025 AMD Embedded Windows\u00ae Chipset drivers (71816)"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded 9000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Q2 - 2025 AMD Embedded Ryzen[7000 8000 9000] Windows\u00ae Chipset drivers [7.06.02.123] (68927)"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 9004 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "AMD Server  Software 8.03.16.641"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 7003 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "AMD Server Software 8.03.14.329"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 7002 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "AMD Server Software 8.03.14.329"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 7001 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "AMD Server Software 8.03.14.329"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 4004 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "AMD Chipset Driver 7.04.09.545"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 9005 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "AMD Server  Software 8.03.16.641"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Instinct\u2122 MI300A Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "AMD Server  Software 8.03.16.641"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 9V64H Processor",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "AMD Server  Software 8.03.16.641"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 8004 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "AMD Server  Software 8.03.16.641"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 4005 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "AMD Chipset Driver 7.04.09.545"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Reported through AMD Bug Bounty Program"
        }
      ],
      "datePublic": "2026-05-15T01:49:24.634Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Incorrect default permissions in the installation directory for the AMD general-purpose input/output controller (GPIO) could allow an attacker to achieve privilege escalation resulting in arbitrary code execution.\u003cbr\u003e"
            }
          ],
          "value": "Incorrect default permissions in the installation directory for the AMD general-purpose input/output controller (GPIO) could allow an attacker to achieve privilege escalation resulting in arbitrary code execution."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "LOW",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-276",
              "description": "CWE-276  Incorrect Default Permissions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-15T01:50:06.870Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4015.html"
        },
        {
          "url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3047.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "AMD PSIRT Automation 1.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2025-48512",
    "datePublished": "2026-05-15T01:45:05.943Z",
    "dateReserved": "2025-05-22T16:34:07.747Z",
    "dateUpdated": "2026-05-16T03:56:09.610Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-48070 (GCVE-0-2025-48070)

Vulnerability from cvelistv5 – Published: 2025-05-21 22:11 – Updated: 2025-05-22 15:52
VLAI
Title
Plane has insecure permissions in UserSerializer
Summary
Plane is open-source project management software. Versions prior to 0.23 have insecure permissions in UserSerializer that allows users to change fields that are meant to be read-only, such as email. This can lead to account takeover when chained with another vulnerability such as cross-site scripting (XSS). Version 0.23 fixes the issue.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-276 - Incorrect Default Permissions
Assigner
References
Impacted products
Vendor Product Version
makeplane plane Affected: < 0.23
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-48070",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-22T15:52:30.307578Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-22T15:52:48.689Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/makeplane/plane/security/advisories/GHSA-cjh4-q763-cc48"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "plane",
          "vendor": "makeplane",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 0.23"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Plane is open-source project management software. Versions prior to 0.23 have insecure permissions in UserSerializer that allows users to change fields that are meant to be read-only, such as email. This can lead to account takeover when chained with another vulnerability such as cross-site scripting (XSS). Version 0.23 fixes the issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-276",
              "description": "CWE-276: Incorrect Default Permissions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-21T22:11:06.177Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/makeplane/plane/security/advisories/GHSA-cjh4-q763-cc48",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/makeplane/plane/security/advisories/GHSA-cjh4-q763-cc48"
        },
        {
          "name": "https://github.com/makeplane/plane/commit/0a8cc24da505fd519fcc3c9d6b5e15bc7ce21b29",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/makeplane/plane/commit/0a8cc24da505fd519fcc3c9d6b5e15bc7ce21b29"
        }
      ],
      "source": {
        "advisory": "GHSA-cjh4-q763-cc48",
        "discovery": "UNKNOWN"
      },
      "title": "Plane has insecure permissions in UserSerializer"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-48070",
    "datePublished": "2025-05-21T22:11:06.177Z",
    "dateReserved": "2025-05-15T16:06:40.941Z",
    "dateUpdated": "2025-05-22T15:52:48.689Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation MIT-1
Architecture and Design Operation

The architecture needs to access and modification attributes for files to only those users who actually require those actions.

Mitigation MIT-46
Architecture and Design

Strategy: Separation of Privilege

  • Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
  • Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges.
CAPEC-1: Accessing Functionality Not Properly Constrained by ACLs

In applications, particularly web applications, access to functionality is mitigated by an authorization framework. This framework maps Access Control Lists (ACLs) to elements of the application's functionality; particularly URL's for web apps. In the case that the administrator failed to specify an ACL for a particular element, an attacker may be able to access it with impunity. An attacker with the ability to access functionality not properly constrained by ACLs can obtain sensitive information and possibly compromise the entire application. Such an attacker can access resources that must be available only to users at a higher privilege level, can access management sections of the application, or can run queries for data that they otherwise not supposed to.

CAPEC-127: Directory Indexing

An adversary crafts a request to a target that results in the target listing/indexing the content of a directory as output. One common method of triggering directory contents as output is to construct a request containing a path that terminates in a directory name rather than a file name since many applications are configured to provide a list of the directory's contents when such a request is received. An adversary can use this to explore the directory tree on a target as well as learn the names of files. This can often end up revealing test files, backup files, temporary files, hidden files, configuration files, user accounts, script contents, as well as naming conventions, all of which can be used by an attacker to mount additional attacks.

CAPEC-81: Web Server Logs Tampering

Web Logs Tampering attacks involve an attacker injecting, deleting or otherwise tampering with the contents of web logs typically for the purposes of masking other malicious behavior. Additionally, writing malicious data to log files may target jobs, filters, reports, and other agents that process the logs in an asynchronous attack pattern. This pattern of attack is similar to "Log Injection-Tampering-Forging" except that in this case, the attack is targeting the logs of the web server and not the application.