CWE-288
AllowedAuthentication Bypass Using an Alternate Path or Channel
Abstraction: Base · Status: Incomplete
The product requires authentication, but the product has an alternate path or channel that does not require authentication.
1072 vulnerabilities reference this CWE, most recent first.
CVE-2025-23217 (GCVE-0-2025-23217)
Vulnerability from cvelistv5 – Published: 2025-02-06 17:32 – Updated: 2025-02-12 19:51| URL | Tags |
|---|---|
| https://github.com/mitmproxy/mitmproxy/security/a… | x_refsource_CONFIRM |
| https://en.wikipedia.org/wiki/Server-side_request… | x_refsource_MISC |
| https://github.com/mitmproxy/mitmproxy/blob/main/… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-23217",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-06T19:15:53.246425Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T19:51:08.896Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "mitmproxy",
"vendor": "mitmproxy",
"versions": [
{
"status": "affected",
"version": "\u003c 11.1.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "mitmproxy is a interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers and mitmweb is a web-based interface for mitmproxy. In mitmweb 11.1.1 and below, a malicious client can use mitmweb\u0027s proxy server (bound to `*:8080` by default) to access mitmweb\u0027s internal API (bound to `127.0.0.1:8081` by default). In other words, while the cannot access the API directly, they can access the API through the proxy. An attacker may be able to escalate this SSRF-style access to remote code execution. The mitmproxy and mitmdump tools are unaffected. Only mitmweb is affected. This vulnerability has been fixed in mitmproxy 11.1.2 and above. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288: Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-441",
"description": "CWE-441: Unintended Proxy or Intermediary (\u0027Confused Deputy\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-06T17:32:30.226Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/mitmproxy/mitmproxy/security/advisories/GHSA-wg33-5h85-7q5p",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/mitmproxy/mitmproxy/security/advisories/GHSA-wg33-5h85-7q5p"
},
{
"name": "https://en.wikipedia.org/wiki/Server-side_request_forgery",
"tags": [
"x_refsource_MISC"
],
"url": "https://en.wikipedia.org/wiki/Server-side_request_forgery"
},
{
"name": "https://github.com/mitmproxy/mitmproxy/blob/main/CHANGELOG.md#06-february-2025-mitmproxy-1112",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mitmproxy/mitmproxy/blob/main/CHANGELOG.md#06-february-2025-mitmproxy-1112"
}
],
"source": {
"advisory": "GHSA-wg33-5h85-7q5p",
"discovery": "UNKNOWN"
},
"title": "Mitmweb API Authentication Bypass Using Proxy Server"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-23217",
"datePublished": "2025-02-06T17:32:30.226Z",
"dateReserved": "2025-01-13T17:15:41.051Z",
"dateUpdated": "2025-02-12T19:51:08.896Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-22862 (GCVE-0-2025-22862)
Vulnerability from cvelistv5 – Published: 2025-10-02 12:48 – Updated: 2026-07-14 12:40- CWE-288 - Escalation of privilege
| Vendor | Product | Version | |
|---|---|---|---|
| Fortinet | FortiProxy |
Affected:
7.6.0 , ≤ 7.6.2
(semver)
Affected: 7.4.0 , ≤ 7.4.8 (semver) Affected: 7.2.0 , ≤ 7.2.15 (semver) Affected: 7.0.5 , ≤ 7.0.22 (semver) cpe:2.3:a:fortinet:fortiproxy:7.6.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.6.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.6.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.4.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.4.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.4.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.2.15:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.2.14:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.2.13:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.2.12:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.2.11:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.2.10:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.2.9:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.2.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.2.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.2.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.2.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.2.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.2.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.2.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.2.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.22:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.21:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.20:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.19:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.18:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.17:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.16:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.15:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.14:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.13:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.12:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.11:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.10:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.9:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.5:*:*:*:*:*:*:* |
|
| Fortinet | FortiOS |
Affected:
7.4.0 , ≤ 7.4.7
(semver)
Affected: 7.2.0 , ≤ 7.2.11 (semver) Affected: 7.0.6 , ≤ 7.0.18 (semver) cpe:2.3:o:fortinet:fortios:7.4.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.18:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.17:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:* |
|
| Siemens | RUGGEDCOM APE1808 |
Affected:
0 , < *
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-22862",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-03T03:55:34.469834Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T17:48:21.827Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM APE1808",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-14T12:40:52.497Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-864900.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:fortinet:fortiproxy:7.6.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.6.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.4.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.4.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.4.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.2.15:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.2.14:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.2.13:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.2.12:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.2.11:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.2.10:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.2.9:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.2.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.2.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.2.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.2.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.2.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.22:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.21:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.20:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.19:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.18:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.17:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.16:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.15:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.14:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.13:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.12:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.11:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.10:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.9:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.5:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiProxy",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.6.2",
"status": "affected",
"version": "7.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.4.8",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.15",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.22",
"status": "affected",
"version": "7.0.5",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:fortinet:fortios:7.4.7:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.4.6:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.4.5:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.2.11:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.2.10:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.18:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.17:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiOS",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.4.7",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.11",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.18",
"status": "affected",
"version": "7.0.6",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An\u00a0Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] in FortiOS 7.4.0 through 7.4.7, 7.2.0 through 7.2.11, 7.0.6 and above; and FortiProxy 7.6.0 through 7.6.2, 7.4.0 through 7.4.8, 7.2 all versions, 7.0.5 and above\u00a0may allow an authenticated attacker to elevate their privileges via triggering a malicious Webhook action in the Automation Stitch component."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "Escalation of privilege",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T09:18:35.005Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-385",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-385"
}
],
"solutions": [
{
"lang": "en",
"value": "Fortinet remediated this issue in FortiSASE version 25.2.a and hence customers do not need to perform any action.\nUpgrade to FortiProxy version 7.6.3 or above\nUpgrade to FortiProxy version 7.4.9 or above\nUpgrade to FortiOS version 7.6.0 or above\nUpgrade to FortiOS version 7.4.8 or above\nUpgrade to FortiOS version 7.2.12 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2025-22862",
"datePublished": "2025-10-02T12:48:41.208Z",
"dateReserved": "2025-01-08T09:38:22.821Z",
"dateUpdated": "2026-07-14T12:40:52.497Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-22462 (GCVE-0-2025-22462)
Vulnerability from cvelistv5 – Published: 2025-05-13 15:10 – Updated: 2025-05-13 19:39| Vendor | Product | Version | |
|---|---|---|---|
| Ivanti | Neurons for ITSM (on-prem) |
Unaffected:
2023.4 w/ May 2025 Security Patch
(custom)
Unaffected: 2024.2 w/ May 2025 Security Patch (custom) Unaffected: 2024.3 w/ May 2025 Security Patch (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-22462",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-13T19:39:34.075517Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-13T19:39:47.647Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Neurons for ITSM (on-prem)",
"vendor": "Ivanti",
"versions": [
{
"status": "unaffected",
"version": "2023.4 w/ May 2025 Security Patch",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "2024.2 w/ May 2025 Security Patch",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "2024.3 w/ May 2025 Security Patch",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn authentication bypass in Ivanti Neurons for ITSM (on-prem only) before 2023.4, 2024.2 and 2024.3 with the May 2025 Security Patch allows a remote unauthenticated attacker to gain administrative access to the system.\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e"
}
],
"value": "An authentication bypass in Ivanti Neurons for ITSM (on-prem only) before 2023.4, 2024.2 and 2024.3 with the May 2025 Security Patch allows a remote unauthenticated attacker to gain administrative access to the system."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-13T15:10:17.923Z",
"orgId": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
"shortName": "ivanti"
},
"references": [
{
"url": "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Neurons-for-ITSM-on-premises-only-CVE-2025-22462"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
"assignerShortName": "ivanti",
"cveId": "CVE-2025-22462",
"datePublished": "2025-05-13T15:10:17.923Z",
"dateReserved": "2025-01-07T02:19:22.797Z",
"dateUpdated": "2025-05-13T19:39:47.647Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-22277 (GCVE-0-2025-22277)
Vulnerability from cvelistv5 – Published: 2025-04-01 05:32 – Updated: 2026-04-28 16:10- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
| URL | Tags |
|---|---|
| https://patchstack.com/database/Wordpress/Plugin/… | vdb-entry |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-22277",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-01T13:32:52.863514Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-01T13:36:09.554Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "vitepos-lite",
"product": "Vitepos",
"vendor": "appsbd",
"versions": [
{
"changes": [
{
"at": "3.1.5",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Phat RiO | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:31:17.632Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Authentication Bypass Using an Alternate Path or Channel vulnerability in appsbd Vitepos vitepos-lite allows Authentication Abuse.\u003cp\u003eThis issue affects Vitepos: from n/a through \u003c= 3.1.4.\u003c/p\u003e"
}
],
"value": "Authentication Bypass Using an Alternate Path or Channel vulnerability in appsbd Vitepos vitepos-lite allows Authentication Abuse.This issue affects Vitepos: from n/a through \u003c= 3.1.4."
}
],
"impacts": [
{
"capecId": "CAPEC-114",
"descriptions": [
{
"lang": "en",
"value": "Authentication Abuse"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:10:57.813Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/vitepos-lite/vulnerability/wordpress-vitepos-plugin-3-1-4-broken-authentication-vulnerability?_s_id=cve"
}
],
"title": "WordPress Vitepos plugin \u003c= 3.1.4 - Broken Authentication vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-22277",
"datePublished": "2025-04-01T05:32:24.249Z",
"dateReserved": "2025-01-03T13:15:43.299Z",
"dateUpdated": "2026-04-28T16:10:57.813Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-22230 (GCVE-0-2025-22230)
Vulnerability from cvelistv5 – Published: 2025-03-25 14:06 – Updated: 2025-03-25 14:19| Vendor | Product | Version | |
|---|---|---|---|
| n/a | VMware Tools |
Affected:
12.x.x, 11.x.x , < 12.5.1
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-22230",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-25T14:19:23.818666Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-25T14:19:35.488Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "VMware Tools",
"vendor": "n/a",
"versions": [
{
"lessThan": "12.5.1",
"status": "affected",
"version": "12.x.x, 11.x.x",
"versionType": "custom"
}
]
}
],
"datePublic": "2025-03-25T12:41:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eVMware Tools for Windows contains an authentication bypass vulnerability \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003edue to i\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003emproper access control.\u0026nbsp;\u003c/span\u003eA malicious actor with non-administrative privileges on a guest VM may gain ability to perform certain high privilege operations within that VM.\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cbr\u003e\u003cbr\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "VMware Tools for Windows contains an authentication bypass vulnerability due to improper access control.\u00a0A malicious actor with non-administrative privileges on a guest VM may gain ability to perform certain high privilege operations within that VM."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-25T14:06:35.413Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25518"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authentication bypass vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2025-22230",
"datePublished": "2025-03-25T14:06:35.413Z",
"dateReserved": "2025-01-02T04:29:59.191Z",
"dateUpdated": "2025-03-25T14:19:35.488Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-21589 (GCVE-0-2025-21589)
Vulnerability from cvelistv5 – Published: 2026-01-27 20:32 – Updated: 2026-01-27 21:28- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
| URL | Tags |
|---|---|
| https://supportportal.juniper.net/ | vendor-advisory |
| https://support.juniper.net/support/eol/software/ssr/ | related |
| https://kb.juniper.net/JSA94663 | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Juniper Networks | Session Smart Router |
Affected:
5.6.7 , < 5.6.17
(semver)
Unaffected: 6.0 , < 6.0.8 (semver) Affected: 6.1 , < 6.1.12-lts (semver) Affected: 6.2 , < 6.2.8-lts (semver) Affected: 6.3 , < 6.3.3-r2 (semver) |
|
| Juniper Networks | Session Smart Conductor |
Affected:
5.6.7 , < 5.6.17
(semver)
Unaffected: 6.0 , < 6.0.8 (semver) Affected: 6.1 , < 6.1.12-lts (semver) Affected: 6.2 , < 6.2.8-lts (semver) Affected: 6.3 , < 6.3.3-r2 (semver) |
|
| Juniper Networks | WAN Assurance Managed Router |
Affected:
5.6.7 , < 5.6.17
(semver)
Unaffected: 6.0 , < 6.0.8 (semver) Affected: 6.1 , < 6.1.12-lts (semver) Affected: 6.2 , < 6.2.8-lts (semver) Affected: 6.3 , < 6.3.3-r2 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-21589",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-27T21:27:50.309259Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-27T21:28:02.560Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Session Smart Router",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "5.6.17",
"status": "affected",
"version": "5.6.7",
"versionType": "semver"
},
{
"changes": [
{
"at": "6.0.8",
"status": "affected"
}
],
"lessThan": "6.0.8",
"status": "unaffected",
"version": "6.0",
"versionType": "semver"
},
{
"lessThan": "6.1.12-lts",
"status": "affected",
"version": "6.1",
"versionType": "semver"
},
{
"lessThan": "6.2.8-lts",
"status": "affected",
"version": "6.2",
"versionType": "semver"
},
{
"lessThan": "6.3.3-r2",
"status": "affected",
"version": "6.3",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Session Smart Conductor",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "5.6.17",
"status": "affected",
"version": "5.6.7",
"versionType": "semver"
},
{
"changes": [
{
"at": "6.0.8",
"status": "affected"
}
],
"lessThan": "6.0.8",
"status": "unaffected",
"version": "6.0",
"versionType": "semver"
},
{
"lessThan": "6.1.12-lts",
"status": "affected",
"version": "6.1",
"versionType": "semver"
},
{
"lessThan": "6.2.8-lts",
"status": "affected",
"version": "6.2",
"versionType": "semver"
},
{
"lessThan": "6.3.3-r2",
"status": "affected",
"version": "6.3",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "WAN Assurance Managed Router",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "5.6.17",
"status": "affected",
"version": "5.6.7",
"versionType": "semver"
},
{
"changes": [
{
"at": "6.0.8",
"status": "affected"
}
],
"lessThan": "6.0.8",
"status": "unaffected",
"version": "6.0",
"versionType": "semver"
},
{
"lessThan": "6.1.12-lts",
"status": "affected",
"version": "6.1",
"versionType": "semver"
},
{
"lessThan": "6.2.8-lts",
"status": "affected",
"version": "6.2",
"versionType": "semver"
},
{
"lessThan": "6.3.3-r2",
"status": "affected",
"version": "6.3",
"versionType": "semver"
}
]
}
],
"datePublic": "2025-02-04T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn Authentication Bypass Using an\nAlternate Path or Channel vulnerability in Juniper Networks Session Smart\nRouter may allows a network-based attacker to bypass authentication\nand take administrative control of the device.\u003c/p\u003e\u003cp\u003eThis issue affects Session Smart Router:\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003efrom 5.6.7 before 5.6.17,\u0026nbsp;\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003efrom 6.0 before 6.0.8 (affected from 6.0.8),\u003c/span\u003e\u003cbr\u003e\u003c/li\u003e\u003cli\u003efrom 6.1 before 6.1.12-lts,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 6.2 before 6.2.8-lts,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 6.3 before 6.3.3-r2;\u0026nbsp;\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eThis issue affects Session Smart Conductor:\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003efrom 5.6.7 before 5.6.17,\u0026nbsp;\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003efrom 6.0 before 6.0.8 (affected from 6.0.8),\u003c/span\u003e\u003cbr\u003e\u003c/li\u003e\u003cli\u003efrom 6.1 before 6.1.12-lts,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 6.2 before 6.2.8-lts,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 6.3 before 6.3.3-r2;\u0026nbsp;\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eThis issue affects WAN Assurance Managed Routers:\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003efrom 5.6.7 before 5.6.17,\u0026nbsp;\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003efrom 6.0 before 6.0.8 (affected from 6.0.8),\u003c/span\u003e\u003cbr\u003e\u003c/li\u003e\u003cli\u003efrom 6.1 before 6.1.12-lts,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 6.2 before 6.2.8-lts,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 6.3 before 6.3.3-r2.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "An Authentication Bypass Using an\nAlternate Path or Channel vulnerability in Juniper Networks Session Smart\nRouter may allows a network-based attacker to bypass authentication\nand take administrative control of the device.\n\nThis issue affects Session Smart Router:\u00a0\n\n\n\n * from 5.6.7 before 5.6.17,\u00a0\n * from 6.0 before 6.0.8 (affected from 6.0.8),\n\n * from 6.1 before 6.1.12-lts,\u00a0\n * from 6.2 before 6.2.8-lts,\u00a0\n * from 6.3 before 6.3.3-r2;\u00a0\n\n\n\n\nThis issue affects Session Smart Conductor:\u00a0\n\n\n\n * from 5.6.7 before 5.6.17,\u00a0\n * from 6.0 before 6.0.8 (affected from 6.0.8),\n\n * from 6.1 before 6.1.12-lts,\u00a0\n * from 6.2 before 6.2.8-lts,\u00a0\n * from 6.3 before 6.3.3-r2;\u00a0\n\n\n\n\nThis issue affects WAN Assurance Managed Routers:\u00a0\n\n\n\n * from 5.6.7 before 5.6.17,\u00a0\n * from 6.0 before 6.0.8 (affected from 6.0.8),\n\n * from 6.1 before 6.1.12-lts,\u00a0\n * from 6.2 before 6.2.8-lts,\u00a0\n * from 6.3 before 6.3.3-r2."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-27T20:32:13.334Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/"
},
{
"tags": [
"related"
],
"url": "https://support.juniper.net/support/eol/software/ssr/"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://kb.juniper.net/JSA94663"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe following software releases have\nbeen updated to resolve this issue:\u003c/p\u003e\n\n\u003cp\u003e\u003cbr\u003e\n\u003cb\u003eSession Smart Router:\u003c/b\u003e\u0026nbsp;SSR-5.6.17, SSR-6.1.12-lts, SSR-6.2.8-lts,\nSSR-6.3.3-r2 and subsequent releases. \u003c/p\u003e\n\n\u003cp\u003e\u003cbr\u003e\nIt is suggested to upgrade all affected systems to one of these versions of\nsoftware. In a Conductor-managed deployment, it is sufficient to upgrade only the\nConductor nodes and the fix will be applied automatically to all connected\nrouters. As practical, the routers should still be upgraded to a fixed version\nhowever they will not be vulnerable once they connect to an upgraded Conductor.\u0026nbsp;Router patching can be confirmed once the router reaches the \u201crunning\" (on 6.2 and earlier) or \u201csynchronized\u201d (on 6.3+) state on the Conductor\".\u003cbr\u003e\n\u0026nbsp;\u003c/p\u003e\n\n\u003cp\u003eThis vulnerability has been patched\nautomatically on devices that operate with WAN Assurance (where configuration is also managed) connected\nto the Mist Cloud. As practical, the routers should still be upgraded to a version\ncontaining the fix.\u003cbr\u003e\n\u003cbr\u003e\nIt is important to note that when the fix is applied automatically on routers managed\nby a Conductor or on WAN assurance, it will have no impact on data-plane\nfunctions of the router. The application of the fix is non-disruptive to\nproduction traffic. There may be a momentary downtime (less than 30 seconds) to\nthe web-based management and APIs.\u0026nbsp;\u003c/p\u003e"
}
],
"value": "The following software releases have\nbeen updated to resolve this issue:\n\n\n\n\n\nSession Smart Router:\u00a0SSR-5.6.17, SSR-6.1.12-lts, SSR-6.2.8-lts,\nSSR-6.3.3-r2 and subsequent releases. \n\n\n\n\n\nIt is suggested to upgrade all affected systems to one of these versions of\nsoftware. In a Conductor-managed deployment, it is sufficient to upgrade only the\nConductor nodes and the fix will be applied automatically to all connected\nrouters. As practical, the routers should still be upgraded to a fixed version\nhowever they will not be vulnerable once they connect to an upgraded Conductor.\u00a0Router patching can be confirmed once the router reaches the \u201crunning\" (on 6.2 and earlier) or \u201csynchronized\u201d (on 6.3+) state on the Conductor\".\n\n\u00a0\n\n\n\nThis vulnerability has been patched\nautomatically on devices that operate with WAN Assurance (where configuration is also managed) connected\nto the Mist Cloud. As practical, the routers should still be upgraded to a version\ncontaining the fix.\n\n\n\nIt is important to note that when the fix is applied automatically on routers managed\nby a Conductor or on WAN assurance, it will have no impact on data-plane\nfunctions of the router. The application of the fix is non-disruptive to\nproduction traffic. There may be a momentary downtime (less than 30 seconds) to\nthe web-based management and APIs."
}
],
"source": {
"advisory": "JSA94663",
"defect": [
"I95-59677"
],
"discovery": "INTERNAL"
},
"title": "Session Smart Router, Session Smart Conductor, WAN Assurance Router: API Authentication Bypass vulnerability",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue."
}
],
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2025-21589",
"datePublished": "2026-01-27T20:32:13.334Z",
"dateReserved": "2024-12-26T14:47:11.667Z",
"dateUpdated": "2026-01-27T21:28:02.560Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15102 (GCVE-0-2025-15102)
Vulnerability from cvelistv5 – Published: 2025-12-30 08:48 – Updated: 2025-12-30 15:57- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
| Vendor | Product | Version | |
|---|---|---|---|
| Delta Electronics | DVP-12SE11T |
Affected:
0 , < 2.16
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15102",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-30T13:47:30.681140Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-30T15:57:12.209Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DVP-12SE11T",
"vendor": "Delta Electronics",
"versions": [
{
"lessThan": "2.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Nhan Nguyen, Hoa X. Nguyen, and Tue Lam of Unit 515 from OPSWAT"
}
],
"datePublic": "2025-12-30T08:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "DVP-12SE11T - Password Protection Bypass\u003cbr\u003e"
}
],
"value": "DVP-12SE11T - Password Protection Bypass"
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-30T08:48:31.567Z",
"orgId": "759f5e80-c8e1-4224-bead-956d7b33c98b",
"shortName": "Deltaww"
},
"references": [
{
"url": "https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2025-00022_DVP-12SE11T%20Multiple%20Vulnerabilities.pdf"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Users are advised to implement robust network-level countermeasures in accordance with industry best practices for security.\u003cbr\u003eWe recommend that users take the following security precautions:\u003cbr\u003e\u0026gt; Utilize the Product\u0027s IP Whitelisting Feature: Employ the device\u0027s built-in IP whitelisting function to restrict Modbus/TCP access solely to known, trusted client IP addresses.\u003cbr\u003e\u0026gt; Implement Network Segmentation: Ensure the product is placed within a highly segregated zone\u003cbr\u003e\u0026gt; Utilize industrial firewalls to monitor Modbus/TCP traffic\u003cbr\u003e"
}
],
"value": "Users are advised to implement robust network-level countermeasures in accordance with industry best practices for security.\nWe recommend that users take the following security precautions:\n\u003e Utilize the Product\u0027s IP Whitelisting Feature: Employ the device\u0027s built-in IP whitelisting function to restrict Modbus/TCP access solely to known, trusted client IP addresses.\n\u003e Implement Network Segmentation: Ensure the product is placed within a highly segregated zone\n\u003e Utilize industrial firewalls to monitor Modbus/TCP traffic"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "DVP-12SE11T - Password Protection Bypass",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "759f5e80-c8e1-4224-bead-956d7b33c98b",
"assignerShortName": "Deltaww",
"cveId": "CVE-2025-15102",
"datePublished": "2025-12-30T08:48:31.567Z",
"dateReserved": "2025-12-26T03:25:49.157Z",
"dateUpdated": "2025-12-30T15:57:12.209Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-14714 (GCVE-0-2025-14714)
Vulnerability from cvelistv5 – Published: 2025-12-15 10:30 – Updated: 2025-12-15 13:13- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
| Vendor | Product | Version | |
|---|---|---|---|
| The Document Foundation | LibreOffice |
Affected:
25.2 , < < 25.2.4
(25.2 series)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-14714",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-15T13:13:04.911133Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-15T13:13:17.791Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"platforms": [
"MacOS"
],
"product": "LibreOffice",
"vendor": "The Document Foundation",
"versions": [
{
"lessThan": "\u003c 25.2.4",
"status": "affected",
"version": "25.2",
"versionType": "25.2 series"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Karol Mazurek of AFINE"
}
],
"datePublic": "2025-12-15T10:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eAn Authentication Bypass vulnerability existed where the application bundled an interpreter (Python) that inherits the Transparency, Consent, and Control (TCC) permissions\u0026nbsp;granted by the user to the main application bundle\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eBy executing the bundled interpreter directly the attacker\u0027s scripts run with the application\u0027s TCC\u0026nbsp;privileges\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eIn fixed versions parent-constraints are used to allow only the main application to launch interpreter with those permissions\u003c/div\u003e\u003cp\u003eThis issue affects LibreOffice on macOS: from 25.2 before \u0026lt; 25.2.4.\u003c/p\u003e"
}
],
"value": "An Authentication Bypass vulnerability existed where the application bundled an interpreter (Python) that inherits the Transparency, Consent, and Control (TCC) permissions\u00a0granted by the user to the main application bundle\n\n\n\n\nBy executing the bundled interpreter directly the attacker\u0027s scripts run with the application\u0027s TCC\u00a0privileges\n\n\n\n\nIn fixed versions parent-constraints are used to allow only the main application to launch interpreter with those permissions\n\nThis issue affects LibreOffice on macOS: from 25.2 before \u003c 25.2.4."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 0.9,
"baseSeverity": "LOW",
"exploitMaturity": "UNREPORTED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:U",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-15T10:30:55.796Z",
"orgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2",
"shortName": "Document Fdn."
},
"references": [
{
"url": "https://www.libreoffice.org/about-us/security/advisories/cve-2025-14714"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "TCC Bypass via Inherited Permissions in Bundled Interpreter",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2",
"assignerShortName": "Document Fdn.",
"cveId": "CVE-2025-14714",
"datePublished": "2025-12-15T10:30:55.796Z",
"dateReserved": "2025-12-15T09:52:45.310Z",
"dateUpdated": "2025-12-15T13:13:17.791Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13986 (GCVE-0-2025-13986)
Vulnerability from cvelistv5 – Published: 2026-01-28 20:02 – Updated: 2026-02-02 17:59- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
| Vendor | Product | Version | |
|---|---|---|---|
| Drupal | Disable Login Page |
Affected:
0.0.0 , < 1.1.3
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-13986",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-02T14:42:16.110267Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-02T17:59:32.672Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://www.drupal.org/project/disable_login",
"defaultStatus": "unaffected",
"product": "Disable Login Page",
"repo": "https://git.drupalcode.org/project/disable_login",
"vendor": "Drupal",
"versions": [
{
"lessThan": "1.1.3",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Pierre Rudloff (prudloff)"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Anoop John (anoopjohn)"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Jijo Joseph (jijojoseph_zyxware)"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Pierre Rudloff (prudloff)"
},
{
"lang": "en",
"type": "coordinator",
"value": "cilefen (cilefen)"
},
{
"lang": "en",
"type": "coordinator",
"value": "Greg Knaddison (greggles)"
},
{
"lang": "en",
"type": "coordinator",
"value": "Drew Webber (mcdruid)"
},
{
"lang": "en",
"type": "coordinator",
"value": "Juraj Nemec (poker10)"
},
{
"lang": "en",
"type": "coordinator",
"value": "Jess (xjm)"
}
],
"datePublic": "2025-12-03T18:49:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Disable Login Page allows Functionality Bypass.\u003cp\u003eThis issue affects Disable Login Page: from 0.0.0 before 1.1.3.\u003c/p\u003e"
}
],
"value": "Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Disable Login Page allows Functionality Bypass.This issue affects Disable Login Page: from 0.0.0 before 1.1.3."
}
],
"impacts": [
{
"capecId": "CAPEC-554",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-554 Functionality Bypass"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-28T20:02:53.919Z",
"orgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
"shortName": "drupal"
},
"references": [
{
"url": "https://www.drupal.org/sa-contrib-2025-124"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Disable Login Page - Critical - Access bypass - SA-CONTRIB-2025-124",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
"assignerShortName": "drupal",
"cveId": "CVE-2025-13986",
"datePublished": "2026-01-28T20:02:53.919Z",
"dateReserved": "2025-12-03T17:04:28.074Z",
"dateUpdated": "2026-02-02T17:59:32.672Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13980 (GCVE-0-2025-13980)
Vulnerability from cvelistv5 – Published: 2026-01-28 20:01 – Updated: 2026-01-29 17:11- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
| Vendor | Product | Version | |
|---|---|---|---|
| Drupal | CKEditor 5 Premium Features |
Affected:
0.0.0 , < 1.2.10
(semver)
Affected: 1.3.0 , < 1.3.6 (semver) Affected: 1.4.0 , < 1.4.3 (semver) Affected: 1.5.0 , < 1.5.1 (semver) Affected: 1.6.0 , < 1.6.4 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-13980",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-29T17:11:20.684032Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-29T17:11:46.810Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://www.drupal.org/project/ckeditor5_premium_features",
"defaultStatus": "unaffected",
"product": "CKEditor 5 Premium Features",
"repo": "https://git.drupalcode.org/project/ckeditor5_premium_features",
"vendor": "Drupal",
"versions": [
{
"lessThan": "1.2.10",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "1.3.6",
"status": "affected",
"version": "1.3.0",
"versionType": "semver"
},
{
"lessThan": "1.4.3",
"status": "affected",
"version": "1.4.0",
"versionType": "semver"
},
{
"lessThan": "1.5.1",
"status": "affected",
"version": "1.5.0",
"versionType": "semver"
},
{
"lessThan": "1.6.4",
"status": "affected",
"version": "1.6.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Wojciech Kukowski (salmonek)"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Wojciech Kukowski (salmonek)"
},
{
"lang": "en",
"type": "coordinator",
"value": "Greg Knaddison (greggles)"
},
{
"lang": "en",
"type": "coordinator",
"value": "Juraj Nemec (poker10)"
},
{
"lang": "en",
"type": "coordinator",
"value": "Jess (xjm)"
}
],
"datePublic": "2025-12-03T18:48:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal CKEditor 5 Premium Features allows Functionality Bypass.\u003cp\u003eThis issue affects CKEditor 5 Premium Features: from 0.0.0 before 1.2.10, from 1.3.0 before 1.3.6, from 1.4.0 before 1.4.3, from 1.5.0 before 1.5.1, from 1.6.0 before 1.6.4.\u003c/p\u003e"
}
],
"value": "Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal CKEditor 5 Premium Features allows Functionality Bypass.This issue affects CKEditor 5 Premium Features: from 0.0.0 before 1.2.10, from 1.3.0 before 1.3.6, from 1.4.0 before 1.4.3, from 1.5.0 before 1.5.1, from 1.6.0 before 1.6.4."
}
],
"impacts": [
{
"capecId": "CAPEC-554",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-554 Functionality Bypass"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-28T20:01:16.894Z",
"orgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
"shortName": "drupal"
},
"references": [
{
"url": "https://www.drupal.org/sa-contrib-2025-118"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CKEditor 5 Premium Features - Moderately critical - Access bypass - SA-CONTRIB-2025-118",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
"assignerShortName": "drupal",
"cveId": "CVE-2025-13980",
"datePublished": "2026-01-28T20:01:16.894Z",
"dateReserved": "2025-12-03T17:04:19.606Z",
"dateUpdated": "2026-01-29T17:11:46.810Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation
Funnel all access through a single choke point to simplify how users can access a resource. For every access, perform a check to determine if the user has permissions to access the resource.
CAPEC-127: Directory Indexing
An adversary crafts a request to a target that results in the target listing/indexing the content of a directory as output. One common method of triggering directory contents as output is to construct a request containing a path that terminates in a directory name rather than a file name since many applications are configured to provide a list of the directory's contents when such a request is received. An adversary can use this to explore the directory tree on a target as well as learn the names of files. This can often end up revealing test files, backup files, temporary files, hidden files, configuration files, user accounts, script contents, as well as naming conventions, all of which can be used by an attacker to mount additional attacks.
CAPEC-665: Exploitation of Thunderbolt Protection Flaws
An adversary leverages a firmware weakness within the Thunderbolt protocol, on a computing device to manipulate Thunderbolt controller firmware in order to exploit vulnerabilities in the implementation of authorization and verification schemes within Thunderbolt protection mechanisms. Upon gaining physical access to a target device, the adversary conducts high-level firmware manipulation of the victim Thunderbolt controller SPI (Serial Peripheral Interface) flash, through the use of a SPI Programing device and an external Thunderbolt device, typically as the target device is booting up. If successful, this allows the adversary to modify memory, subvert authentication mechanisms, spoof identities and content, and extract data and memory from the target device. Currently 7 major vulnerabilities exist within Thunderbolt protocol with 9 attack vectors as noted in the Execution Flow.