Common Weakness Enumeration

CWE-653

Allowed

Improper Isolation or Compartmentalization

Abstraction: Class · Status: Draft

The product does not properly compartmentalize or isolate functionality, processes, or resources that require different privilege levels, rights, or permissions.

101 vulnerabilities reference this CWE, most recent first.

CVE-2025-26393 (GCVE-0-2025-26393)

Vulnerability from cvelistv5 – Published: 2025-03-17 20:07 – Updated: 2025-03-18 14:08
VLAI
Title
SolarWinds Service Desk Broken Access Control Vulnerability
Summary
SolarWinds Service Desk is affected by a broken access control vulnerability. The issue allows authenticated users to escalate privileges, leading to unauthorized data manipulation.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-653 - Improper Isolation or Compartmentalization
Assigner
Impacted products
Vendor Product Version
SolarWinds Service Desk Affected: 01-28-2025
Create a notification for this product.
Credits
Seif Abdelwahid
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-26393",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-18T14:08:12.940669Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-18T14:08:24.085Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Service Desk",
          "vendor": "SolarWinds",
          "versions": [
            {
              "status": "affected",
              "version": "01-28-2025"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Seif Abdelwahid"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSolarWinds Service Desk is affected by a broken access control vulnerability. The issue allows authenticated users to escalate privileges, leading to unauthorized data manipulation.\u003c/span\u003e"
            }
          ],
          "value": "SolarWinds Service Desk is affected by a broken access control vulnerability. The issue allows authenticated users to escalate privileges, leading to unauthorized data manipulation."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-87",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-87: Forceful Browsing"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-653",
              "description": "CWE-653: Improper Isolation or Compartmentalization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-17T20:07:29.457Z",
        "orgId": "49f11609-934d-4621-84e6-e02e032104d6",
        "shortName": "SolarWinds"
      },
      "references": [
        {
          "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-26393"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "SolarWinds Service Desk Broken Access Control Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
    "assignerShortName": "SolarWinds",
    "cveId": "CVE-2025-26393",
    "datePublished": "2025-03-17T20:07:29.457Z",
    "dateReserved": "2025-02-08T00:19:09.395Z",
    "dateUpdated": "2025-03-18T14:08:24.085Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-24986 (GCVE-0-2025-24986)

Vulnerability from cvelistv5 – Published: 2025-03-11 16:58 – Updated: 2026-02-13 19:38
VLAI
Title
Azure Promptflow Remote Code Execution Vulnerability
Summary
Improper isolation or compartmentalization in Azure PromptFlow allows an unauthorized attacker to execute code over a network.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-653 - Improper Isolation or Compartmentalization
Assigner
References
Impacted products
Vendor Product Version
Microsoft Azure promptflow-core Affected: 1.0.0 , < 1.17.2 (custom)
Create a notification for this product.
Microsoft Azure promptflow-tools Affected: 1.0.0 , < 1.6.0 (custom)
Create a notification for this product.
Date Public
2025-03-11 07:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-24986",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-11T18:26:31.955113Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-11T18:33:48.055Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Azure promptflow-core",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "1.17.2",
              "status": "affected",
              "version": "1.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Azure promptflow-tools",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "1.6.0",
              "status": "affected",
              "version": "1.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:azure_promptflow_core:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.17.2",
                  "versionStartIncluding": "1.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:azure_promptflow_tools:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.6.0",
                  "versionStartIncluding": "1.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2025-03-11T07:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Improper isolation or compartmentalization in Azure PromptFlow allows an unauthorized attacker to execute code over a network."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-653",
              "description": "CWE-653: Improper Isolation or Compartmentalization",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-13T19:38:40.809Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Azure Promptflow Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24986"
        }
      ],
      "title": "Azure Promptflow Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2025-24986",
    "datePublished": "2025-03-11T16:58:59.571Z",
    "dateReserved": "2025-01-30T15:14:20.992Z",
    "dateUpdated": "2026-02-13T19:38:40.809Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-21590 (GCVE-0-2025-21590)

Vulnerability from cvelistv5 – Published: 2025-03-12 13:59 – Updated: 2026-02-26 19:09
VLAI
Title
Junos OS: An local attacker with shell access can execute arbitrary code
Summary
An Improper Isolation or Compartmentalization vulnerability in the kernel of Juniper Networks Junos OS allows a local attacker with high privileges to compromise the integrity of the device. A local attacker with access to the shell is able to inject arbitrary code which can compromise an affected device. This issue is not exploitable from the Junos CLI. This issue affects Junos OS:  * All versions before 21.2R3-S9, * 21.4 versions before 21.4R3-S10,  * 22.2 versions before 22.2R3-S6,  * 22.4 versions before 22.4R3-S6,  * 23.2 versions before 23.2R2-S3,  * 23.4 versions before 23.4R2-S4, * 24.2 versions before 24.2R1-S2, 24.2R2.
SSVC
Exploitation: active Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-653 - Improper Isolation or Compartmentalization
Assigner
Impacted products
Vendor Product Version
Juniper Networks Junos OS Affected: 0 , < 21.2R3-S9 (semver)
Affected: 21.4 , < 21.4R3-S10 (semver)
Affected: 22.2 , < 22.2R3-S6 (semver)
Affected: 22.4 , < 22.4R3-S6 (semver)
Affected: 23.2 , < 23.2R2-S3 (semver)
Affected: 23.4 , < 23.4R2-S4 (semver)
Affected: 24.2 , < 24.2R1-S2, 24.2R2 (semver)
Create a notification for this product.
Date Public
2025-03-12 14:00
Credits
Juniper SIRT would like to acknowledge and thank Matteo Memelli from Amazon for responsibly reporting this issue. Note: Amazon found the issue during internal security research and not due to exploitation.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-21590",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-14T03:55:21.999597Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2025-03-13",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-21590"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T19:09:35.631Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-21590"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2025-03-13T00:00:00.000Z",
            "value": "CVE-2025-21590 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Junos OS",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "21.2R3-S9",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "21.4R3-S10",
              "status": "affected",
              "version": "21.4",
              "versionType": "semver"
            },
            {
              "lessThan": "22.2R3-S6",
              "status": "affected",
              "version": "22.2",
              "versionType": "semver"
            },
            {
              "lessThan": "22.4R3-S6",
              "status": "affected",
              "version": "22.4",
              "versionType": "semver"
            },
            {
              "lessThan": "23.2R2-S3",
              "status": "affected",
              "version": "23.2",
              "versionType": "semver"
            },
            {
              "lessThan": "23.4R2-S4",
              "status": "affected",
              "version": "23.4",
              "versionType": "semver"
            },
            {
              "lessThan": "24.2R1-S2, 24.2R2",
              "status": "affected",
              "version": "24.2",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Juniper SIRT would like to acknowledge and thank Matteo Memelli from Amazon for responsibly reporting this issue. Note: Amazon found the issue during internal security research and not due to exploitation."
        }
      ],
      "datePublic": "2025-03-12T14:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An Improper Isolation or Compartmentalization vulnerability in the kernel of Juniper Networks Junos OS allows a local attacker with high privileges to compromise the integrity of the device.\u003cbr\u003e\u003cbr\u003eA local attacker with access to the shell is able to inject arbitrary code which can compromise an affected device.\u003cbr\u003eThis issue is not exploitable from the Junos CLI.\u003cbr\u003e\u003cp\u003eThis issue affects Junos OS:\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions before 21.2R3-S9,\u003c/li\u003e\u003cli\u003e21.4 versions before 21.4R3-S10,\u0026nbsp;\u003c/li\u003e\u003cli\u003e22.2 versions before 22.2R3-S6,\u0026nbsp;\u003c/li\u003e\u003cli\u003e22.4 versions before 22.4R3-S6,\u0026nbsp;\u003c/li\u003e\u003cli\u003e23.2 versions before 23.2R2-S3,\u0026nbsp;\u003c/li\u003e\u003cli\u003e23.4 versions before 23.4R2-S4,\u003c/li\u003e\u003cli\u003e24.2 versions before 24.2R1-S2, 24.2R2.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e"
            }
          ],
          "value": "An Improper Isolation or Compartmentalization vulnerability in the kernel of Juniper Networks Junos OS allows a local attacker with high privileges to compromise the integrity of the device.\n\nA local attacker with access to the shell is able to inject arbitrary code which can compromise an affected device.\nThis issue is not exploitable from the Junos CLI.\nThis issue affects Junos OS:\u00a0\n\n\n\n  *  All versions before 21.2R3-S9,\n  *  21.4 versions before 21.4R3-S10,\u00a0\n  *  22.2 versions before 22.2R3-S6,\u00a0\n  *  22.4 versions before 22.4R3-S6,\u00a0\n  *  23.2 versions before 23.2R2-S3,\u00a0\n  *  23.4 versions before 23.4R2-S4,\n  *  24.2 versions before 24.2R1-S2, 24.2R2."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "At least one instance of malicious exploitation has been reported to the Juniper SIRT. Customers are encouraged to upgrade to a fixed release as soon as it\u0027s available and in the meantime take steps to mitigate this vulnerability."
            }
          ],
          "value": "At least one instance of malicious exploitation has been reported to the Juniper SIRT. Customers are encouraged to upgrade to a fixed release as soon as it\u0027s available and in the meantime take steps to mitigate this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "HIGH",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-653",
              "description": "CWE-653 Improper Isolation or Compartmentalization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-06T08:00:02.011Z",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://supportportal.juniper.net/JSA93446"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://cloud.google.com/blog/topics/threat-intelligence/china-nexus-espionage-targets-juniper-routers"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThe following software releases have been updated to resolve this specific issue: 21.2R3-S9, 21.4R3-S10, 22.2R3-S6, 22.4R3-S6, 23.2R2-S3, 23.4R2-S4, 24.2R1-S2, 24.2R2, 24.4R1, and all subsequent releases.\u003c/p\u003e\n\u003cp\u003e\u0026nbsp;\u003c/p\u003e\n\u003cp\u003ePlease note that this issue is not fixed for all platforms in the releases specified in the solution section.\u003c/p\u003e\n\u003cp\u003eFor the following products the fix is only available in these releases:\u003c/p\u003e\n\u003cp\u003eSRX300 Series\u2003\u0026nbsp; 21.2R3-S9, 23.4R2-S5*, 24.4R1\u003c/p\u003e\n\u003cp\u003eSRX550HM\u2003\u2003\u2003 22.2R3-S7*\u003c/p\u003e\n\u003cp\u003eEX4300 Series \u0026nbsp; \u0026nbsp; 21.4R3-S11*  (except EX4300-48MP which has fixes available as indicated in the solution)\u003c/p\u003e\n\u003cp\u003eEX4600  \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 21.4R3-S11*  (except EX4650 which has fixes available as indicated in the solution)\u003c/p\u003e\n\u003cp\u003eACX1000, ACX1100, ACX2100, ACX2200, ACX4000,\u003c/p\u003e\n\u003cp\u003eACX500  \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;21.2R3-S9\u003c/p\u003e\n\u003cp\u003eMX104  \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 21.2R3-S9\u003c/p\u003e\n\u003cp\u003e* Future Release\u0026nbsp;\u003c/p\u003e"
            }
          ],
          "value": "The following software releases have been updated to resolve this specific issue: 21.2R3-S9, 21.4R3-S10, 22.2R3-S6, 22.4R3-S6, 23.2R2-S3, 23.4R2-S4, 24.2R1-S2, 24.2R2, 24.4R1, and all subsequent releases.\n\n\n\u00a0\n\n\nPlease note that this issue is not fixed for all platforms in the releases specified in the solution section.\n\n\nFor the following products the fix is only available in these releases:\n\n\nSRX300 Series\u2003\u00a0 21.2R3-S9, 23.4R2-S5*, 24.4R1\n\n\nSRX550HM\u2003\u2003\u2003 22.2R3-S7*\n\n\nEX4300 Series \u00a0 \u00a0 21.4R3-S11*  (except EX4300-48MP which has fixes available as indicated in the solution)\n\n\nEX4600  \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 21.4R3-S11*  (except EX4650 which has fixes available as indicated in the solution)\n\n\nACX1000, ACX1100, ACX2100, ACX2200, ACX4000,\n\n\nACX500  \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a021.2R3-S9\n\n\nMX104  \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 21.2R3-S9\n\n\n* Future Release"
        }
      ],
      "source": {
        "advisory": "JSA93446",
        "defect": [
          "1838460",
          "1872010"
        ],
        "discovery": "USER"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2025-03-12T14:00:00.000Z",
          "value": "Initial Publication"
        },
        {
          "lang": "en",
          "time": "2025-03-12T15:16:00.000Z",
          "value": "Corrected hotlinks for CVSS assessments"
        },
        {
          "lang": "en",
          "time": "2025-03-14T14:00:00.000Z",
          "value": "Rephrased sentences on Amazon involvement to reduce the chance for confusion"
        },
        {
          "lang": "en",
          "time": "2025-04-09T08:17:00.000Z",
          "value": "Updated solution section to clarify which platforms are not fixed in all but only in specific releases"
        },
        {
          "lang": "en",
          "time": "2025-04-14T07:15:00.000Z",
          "value": "For the products/platforms specifically mentioned in the solution section: Please note that Junos OS version 21.2R3-S9.20, which was made available last week, does not address the issue completely. We\u0027ll publish an updated version with the complete fix and update this advisory as soon as possible."
        },
        {
          "lang": "en",
          "time": "2025-05-06T08:00:00.000Z",
          "value": "For the products/platforms specifically mentioned in the solution section: Please note that Junos OS version 21.2R3-S9.21 has been publish with the complete fix."
        }
      ],
      "title": "Junos OS: An local attacker with shell access can execute arbitrary code",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "It is strongly recommended to mitigate the risk of exploitation by restricting shell access to trusted users only.\n\n\u003cbr\u003e"
            }
          ],
          "value": "It is strongly recommended to mitigate the risk of exploitation by restricting shell access to trusted users only."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2025-21590",
    "datePublished": "2025-03-12T13:59:43.038Z",
    "dateReserved": "2024-12-26T14:47:11.667Z",
    "dateUpdated": "2026-02-26T19:09:35.631Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-20109 (GCVE-0-2025-20109)

Vulnerability from cvelistv5 – Published: 2025-08-12 16:58 – Updated: 2026-02-26 17:49
VLAI
Summary
Improper Isolation or Compartmentalization in the stream cache mechanism for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • Escalation of Privilege
  • CWE-653 - Improper Isolation or Compartmentalization
Assigner
Impacted products
Vendor Product Version
n/a Intel(R) Processors Affected: See references
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-20109",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-13T15:04:38.127973Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T17:49:37.355Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T17:32:06.320Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00027.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Intel(R) Processors",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "See references"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Improper Isolation or Compartmentalization in the stream cache mechanism for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "cvssV4_0": {
            "attackComplexity": "HIGH",
            "attackRequirements": "PRESENT",
            "attackVector": "LOCAL",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "privilegesRequired": "LOW",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Escalation of Privilege",
              "lang": "en"
            },
            {
              "cweId": "CWE-653",
              "description": "Improper Isolation or Compartmentalization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-12T16:58:18.377Z",
        "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "shortName": "intel"
      },
      "references": [
        {
          "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01249.html",
          "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01249.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
    "assignerShortName": "intel",
    "cveId": "CVE-2025-20109",
    "datePublished": "2025-08-12T16:58:18.377Z",
    "dateReserved": "2024-10-10T03:00:11.159Z",
    "dateUpdated": "2026-02-26T17:49:37.355Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-12805 (GCVE-0-2025-12805)

Vulnerability from cvelistv5 – Published: 2026-03-26 21:48 – Updated: 2026-03-31 03:55
VLAI
Title
Llama-stack-k8s-operator: llama stack service exposed across namespaces due to missing networkpolicy
Summary
A flaw was found in Red Hat OpenShift AI (RHOAI) llama-stack-operator. This vulnerability allows unauthorized access to Llama Stack services deployed in other namespaces via direct network requests, because no NetworkPolicy restricts access to the llama-stack service endpoint. As a result, a user in one namespace can access another user’s Llama Stack instance and potentially view or manipulate sensitive data.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-653 - Improper Isolation or Compartmentalization
Assigner
References
URL Tags
https://access.redhat.com/errata/RHSA-2026:2106 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:2695 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-12805 vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2413101 issue-trackingx_refsource_REDHAT
Impacted products
Vendor Product Version
Red Hat Red Hat OpenShift AI 2.25 Unaffected: sha256:c0d95dfbae20e87113ffb81026d379bb63ad300447df98b27d1bf9a83b084744 , < * (rpm)
    cpe:/a:redhat:openshift_ai:2.25::el9
Create a notification for this product.
Red Hat Red Hat OpenShift AI 2.25 Unaffected: sha256:1d258fe98c2477e4256a9b936f412f2501fb7ca9e3b810347f9712e0d5ce5c92 , < * (rpm)
    cpe:/a:redhat:openshift_ai:2.25::el9
Create a notification for this product.
Red Hat Red Hat OpenShift AI (RHOAI)     cpe:/a:redhat:openshift_ai
Create a notification for this product.
Date Public
2025-12-31 23:59
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-12805",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-30T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-31T03:55:34.790Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_ai:2.25::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhoai/odh-llama-stack-k8s-operator-rhel9",
          "product": "Red Hat OpenShift AI 2.25",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "sha256:c0d95dfbae20e87113ffb81026d379bb63ad300447df98b27d1bf9a83b084744",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_ai:2.25::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhoai/odh-llama-stack-k8s-operator-rhel9",
          "product": "Red Hat OpenShift AI 2.25",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "sha256:1d258fe98c2477e4256a9b936f412f2501fb7ca9e3b810347f9712e0d5ce5c92",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift_ai"
          ],
          "defaultStatus": "unaffected",
          "packageName": "rhoai/odh-dashboard-rhel9",
          "product": "Red Hat OpenShift AI (RHOAI)",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift_ai"
          ],
          "defaultStatus": "unaffected",
          "packageName": "rhoai/odh-mod-arch-model-registry-rhel9",
          "product": "Red Hat OpenShift AI (RHOAI)",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2025-12-31T23:59:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in Red Hat OpenShift AI (RHOAI) llama-stack-operator. This vulnerability allows unauthorized access to Llama Stack services deployed in other namespaces via direct network requests, because no NetworkPolicy restricts access to the llama-stack service endpoint. As a result, a user in one namespace can access another user\u2019s Llama Stack instance and potentially view or manipulate sensitive data."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Important"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-653",
              "description": "Improper Isolation or Compartmentalization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-26T21:48:16.762Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2026:2106",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:2106"
        },
        {
          "name": "RHSA-2026:2695",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:2695"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2025-12805"
        },
        {
          "name": "RHBZ#2413101",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2413101"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-11-06T13:38:39.035Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2025-12-31T23:59:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Llama-stack-k8s-operator: llama stack service exposed across namespaces due to missing networkpolicy",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-653: Improper Isolation or Compartmentalization"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2025-12805",
    "datePublished": "2026-03-26T21:48:16.762Z",
    "dateReserved": "2025-11-06T13:48:05.305Z",
    "dateUpdated": "2026-03-31T03:55:34.790Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-12695 (GCVE-0-2025-12695)

Vulnerability from cvelistv5 – Published: 2025-11-04 13:24 – Updated: 2025-11-04 14:19
VLAI
Title
Insecure configuration in DSPy lead to arbitrary file read when running untrusted code inside the sandbox
Summary
The overly permissive sandbox configuration in DSPy allows attackers to steal sensitive files in cases when users build an AI agent which consumes user input and uses the “PythonInterpreter” class.
SSVC
Exploitation: poc Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-653 - Improper Isolation or Compartmentalization
Assigner
References
Impacted products
Vendor Product Version
Affected: 0 (python)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-12695",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-04T14:19:21.124251Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-04T14:19:33.945Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pypi.org/project/pip",
          "packageName": "dspy",
          "versions": [
            {
              "status": "affected",
              "version": "0",
              "versionType": "python"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThe overly permissive sandbox configuration in DSPy allows attackers to steal sensitive files in cases when users build an AI agent which consumes user input and uses the \u201cPythonInterpreter\u201d class.\u003c/p\u003e"
            }
          ],
          "value": "The overly permissive sandbox configuration in DSPy allows attackers to steal sensitive files in cases when users build an AI agent which consumes user input and uses the \u201cPythonInterpreter\u201d class."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-653",
              "description": "CWE-653 Improper Isolation or Compartmentalization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-04T13:24:42.358Z",
        "orgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d",
        "shortName": "JFROG"
      },
      "references": [
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://research.jfrog.com/vulnerabilities/dspy-sandbox-escape-arbitrary-file-read-jfsa-2025-001495652/"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Insecure configuration in DSPy lead to arbitrary file read when running untrusted code inside the sandbox"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d",
    "assignerShortName": "JFROG",
    "cveId": "CVE-2025-12695",
    "datePublished": "2025-11-04T13:24:42.358Z",
    "dateReserved": "2025-11-04T13:05:46.639Z",
    "dateUpdated": "2025-11-04T14:19:33.945Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-6705 (GCVE-0-2025-6705)

Vulnerability from cvelistv5 – Published: 2025-06-27 14:57 – Updated: 2025-07-02 06:58
VLAI
Summary
A vulnerability in the Eclipse Open VSX Registry’s automated publishing system could have allowed unauthorized uploads of extensions. Specifically, the system’s build scripts were executed without proper isolation, potentially exposing a privileged token. This token enabled the publishing of new extension versions under any namespace, including those not controlled by an attacker. However, it did not permit deletion of existing extensions, overwriting of published versions, or access to administrative features of the registry. The issue was reported on May 4, 2025, fully resolved by June 24, and followed by a comprehensive audit. No evidence of compromise was found, though 81 extensions were proactively deactivated as a precaution. The standard publishing process remained unaffected. Recommendations have been issued to mitigate similar risks in the future.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-913 - Improper Control of Dynamically-Managed Code Resources
  • CWE-653 - Improper Isolation or Compartmentalization
Assigner
References
Impacted products
Vendor Product Version
Eclipse Foundation Eclipse Open VSX Registry Affected: date < 20250624 (custom)
Create a notification for this product.
Credits
Oren Yomtov (Koi Security)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-6705",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-27T15:52:03.859232Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-27T15:52:29.798Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://open-vsx.org",
          "defaultStatus": "unaffected",
          "product": "Eclipse Open VSX Registry",
          "vendor": "Eclipse Foundation",
          "versions": [
            {
              "status": "affected",
              "version": "date \u003c 20250624",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Oren Yomtov (Koi Security)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eA vulnerability in the Eclipse Open VSX Registry\u2019s automated publishing system could have allowed unauthorized uploads of extensions. Specifically, the system\u2019s build scripts were executed without proper isolation, potentially exposing a privileged token. This token enabled the publishing of new extension versions under any namespace, including those not controlled by an attacker. However, it did not permit deletion of existing extensions, overwriting of published versions, or access to administrative features of the registry.\u003cbr\u003e\u003cbr\u003eThe issue was reported on May 4, 2025, fully resolved by June 24, and followed by a comprehensive audit. No evidence of compromise was found, though 81 extensions were proactively deactivated as a precaution. The standard publishing process remained unaffected. Recommendations have been issued to mitigate similar risks in the future.\u003cbr\u003e\u003c/p\u003e"
            }
          ],
          "value": "A vulnerability in the Eclipse Open VSX Registry\u2019s automated publishing system could have allowed unauthorized uploads of extensions. Specifically, the system\u2019s build scripts were executed without proper isolation, potentially exposing a privileged token. This token enabled the publishing of new extension versions under any namespace, including those not controlled by an attacker. However, it did not permit deletion of existing extensions, overwriting of published versions, or access to administrative features of the registry.\n\nThe issue was reported on May 4, 2025, fully resolved by June 24, and followed by a comprehensive audit. No evidence of compromise was found, though 81 extensions were proactively deactivated as a precaution. The standard publishing process remained unaffected. Recommendations have been issued to mitigate similar risks in the future."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 7.6,
            "baseSeverity": "HIGH",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-913",
              "description": "CWE-913 Improper Control of Dynamically-Managed Code Resources",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-653",
              "description": "CWE-653 Improper Isolation or Compartmentalization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-02T06:58:28.586Z",
        "orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
        "shortName": "eclipse"
      },
      "references": [
        {
          "tags": [
            "product"
          ],
          "url": "https://open-vsx.org"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/EclipseFdn/publish-extensions/pull/881"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
    "assignerShortName": "eclipse",
    "cveId": "CVE-2025-6705",
    "datePublished": "2025-06-27T14:57:06.595Z",
    "dateReserved": "2025-06-26T10:19:23.466Z",
    "dateUpdated": "2025-07-02T06:58:28.586Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-5476 (GCVE-0-2025-5476)

Vulnerability from cvelistv5 – Published: 2025-06-21 00:09 – Updated: 2025-06-23 14:47
VLAI
Title
Sony XAV-AX8500 Bluetooth Improper Isolation Authentication Bypass Vulnerability
Summary
Sony XAV-AX8500 Bluetooth Improper Isolation Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected Sony XAV-AX8500 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of ACL-U links. The issue results from the lack of L2CAP channel isolation. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-26284.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-653 - Improper Isolation or Compartmentalization
Assigner
zdi
References
Impacted products
Vendor Product Version
Sony XAV-AX8500 Affected: 2.00.01
Create a notification for this product.
Date Public
2025-06-11 17:41
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-5476",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-23T14:47:05.798493Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-23T14:47:12.400Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "XAV-AX8500",
          "vendor": "Sony",
          "versions": [
            {
              "status": "affected",
              "version": "2.00.01"
            }
          ]
        }
      ],
      "dateAssigned": "2025-06-02T19:14:36.638Z",
      "datePublic": "2025-06-11T17:41:28.970Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Sony XAV-AX8500 Bluetooth Improper Isolation Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected Sony XAV-AX8500 devices. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the implementation of ACL-U links. The issue results from the lack of L2CAP channel isolation. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-26284."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-653",
              "description": "CWE-653: Improper Isolation or Compartmentalization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-21T00:09:49.419Z",
        "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "shortName": "zdi"
      },
      "references": [
        {
          "name": "ZDI-25-357",
          "tags": [
            "x_research-advisory"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-357/"
        },
        {
          "name": "vendor-provided URL",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.sony.com/electronics/support/mobile-cd-players-digital-media-players-xav-series/xav-ax8500/software/00344092"
        }
      ],
      "source": {
        "lang": "en",
        "value": "Mikhail Evdokimov (@konatabrk) from PCAutomotive"
      },
      "title": "Sony XAV-AX8500 Bluetooth Improper Isolation Authentication Bypass Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
    "assignerShortName": "zdi",
    "cveId": "CVE-2025-5476",
    "datePublished": "2025-06-21T00:09:49.419Z",
    "dateReserved": "2025-06-02T19:14:36.601Z",
    "dateUpdated": "2025-06-23T14:47:12.400Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-3717 (GCVE-0-2025-3717)

Vulnerability from cvelistv5 – Published: 2025-11-11 20:17 – Updated: 2025-11-12 21:46
VLAI
Title
Incorrect oauth passthrough in Grafana Snowflake Datasource
Summary
When using the Grafana Snowflake Datasource Plugin, if Oauth passthrough is enabled on the datasource, and multiple users are using the same datasource at the same time on a single Grafana instance, it  could result in  the wrong user identifier being used, and information for which the viewer is not authorized being returned.  This issue affects Grafana Snowflake Datasource Plugin: from 1.5.0 before 1.14.1.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
Grafana Labs Grafana Snowflake Datasource Plugin Affected: 1.5.0 , < 1.14.1 (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-3717",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-12T21:46:02.961565Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-12T21:46:15.867Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Grafana Snowflake Datasource Plugin",
          "vendor": "Grafana Labs",
          "versions": [
            {
              "lessThan": "1.14.1",
              "status": "affected",
              "version": "1.5.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cdiv\u003eWhen using the Grafana Snowflake Datasource Plugin,\u003cbr\u003eif Oauth passthrough is enabled on the datasource, and multiple users are using the same datasource at the same time on a single Grafana instance, it\u0026nbsp; could result in\u0026nbsp;\u003c/div\u003e\u003cdiv\u003ethe wrong user identifier being used, and information for which the viewer is not authorized being returned.\u0026nbsp;\u003c/div\u003e\u003cp\u003eThis issue affects Grafana Snowflake Datasource Plugin: from 1.5.0 before 1.14.1.\u003c/p\u003e"
            }
          ],
          "value": "When using the Grafana Snowflake Datasource Plugin,\nif Oauth passthrough is enabled on the datasource, and multiple users are using the same datasource at the same time on a single Grafana instance, it\u00a0 could result in\u00a0\n\nthe wrong user identifier being used, and information for which the viewer is not authorized being returned.\u00a0\n\nThis issue affects Grafana Snowflake Datasource Plugin: from 1.5.0 before 1.14.1."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 2.1,
            "baseSeverity": "LOW",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "NONE",
            "userInteraction": "PASSIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-653",
              "description": "CWE-653",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-11T20:17:48.364Z",
        "orgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da",
        "shortName": "GRAFANA"
      },
      "references": [
        {
          "url": "https://grafana.com/security/security-advisories/cve-2025-3717/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Incorrect oauth passthrough in Grafana Snowflake Datasource",
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da",
    "assignerShortName": "GRAFANA",
    "cveId": "CVE-2025-3717",
    "datePublished": "2025-11-11T20:17:48.364Z",
    "dateReserved": "2025-04-16T08:56:42.388Z",
    "dateUpdated": "2025-11-12T21:46:15.867Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-3086 (GCVE-0-2025-3086)

Vulnerability from cvelistv5 – Published: 2025-04-04 06:37 – Updated: 2026-02-23 10:26
VLAI
Title
User in anonymous role could create and delete views
Summary
Improper isolation of users in M-Files Server version before 25.3.14549 allows anonymous user to affect other anonymous users views and possibly cause a denial of service
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Impacted products
Vendor Product Version
M-Files Corporation M-Files Server Affected: 0 , < 25.3.14549 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-3086",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-04T13:24:14.425443Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-04T13:25:05.573Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "M-Files Server",
          "vendor": "M-Files Corporation",
          "versions": [
            {
              "lessThan": "25.3.14549",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper isolation of users in M-Files Server version before 25.3.14549 allows anonymous user to affect other anonymous users views and possibly cause a denial of service"
            }
          ],
          "value": "Improper isolation of users in M-Files Server version before 25.3.14549 allows anonymous user to affect other anonymous users views and possibly cause a denial of service"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-130",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-130 Excessive Allocation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "LOW",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-653",
              "description": "CWE-653",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-23T10:26:58.607Z",
        "orgId": "bcf7a16e-bfdc-46e4-9e42-4187da3f4410",
        "shortName": "M-Files Corporation"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://product.m-files.com/security-advisories/cve-2025-3086/"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://empower.m-files.com/security-advisories/CVE-2025-3086"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "User in anonymous role could create and delete views",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "bcf7a16e-bfdc-46e4-9e42-4187da3f4410",
    "assignerShortName": "M-Files Corporation",
    "cveId": "CVE-2025-3086",
    "datePublished": "2025-04-04T06:37:42.901Z",
    "dateReserved": "2025-04-01T11:18:33.242Z",
    "dateUpdated": "2026-02-23T10:26:58.607Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Mitigation
Architecture and Design

Break up privileges between different modules, objects, or entities. Minimize the interfaces between modules and require strong access control between them.

No CAPEC attack patterns related to this CWE.