Common Weakness Enumeration

CWE-863

Allowed-with-Review

Incorrect Authorization

Abstraction: Class · Status: Incomplete

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

5548 vulnerabilities reference this CWE, most recent first.

CVE-2025-48446 (GCVE-0-2025-48446)

Vulnerability from cvelistv5 – Published: 2025-06-11 14:34 – Updated: 2025-06-11 15:48
VLAI
Title
Commerce Alphabank Redirect - Moderately critical - Access bypass - SA-CONTRIB-2025-067
Summary
Incorrect Authorization vulnerability in Drupal Commerce Alphabank Redirect allows Functionality Misuse.This issue affects Commerce Alphabank Redirect: from 0.0.0 before 1.0.3.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-863 - Incorrect Authorization
Assigner
References
Impacted products
Vendor Product Version
Drupal Commerce Alphabank Redirect Affected: 0.0.0 , < 1.0.3 (semver)
Create a notification for this product.
Date Public
2025-05-21 17:28
Credits
Marios Tsalkidis (silios) Bill Seremetis (bserem) Panagiotis Moutsopoulos (vensires) Greg Knaddison (greggles) Juraj Nemec (poker10)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-48446",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-11T15:47:34.403882Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-11T15:48:21.281Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://www.drupal.org/project/commerce_alphabank_redirect",
          "defaultStatus": "unaffected",
          "product": "Commerce Alphabank Redirect",
          "repo": "https://git.drupalcode.org/project/commerce_alphabank_redirect",
          "vendor": "Drupal",
          "versions": [
            {
              "lessThan": "1.0.3",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Marios Tsalkidis (silios)"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Bill Seremetis (bserem)"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Panagiotis Moutsopoulos (vensires)"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "Greg Knaddison (greggles)"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "Juraj Nemec (poker10)"
        }
      ],
      "datePublic": "2025-05-21T17:28:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Incorrect Authorization vulnerability in Drupal Commerce Alphabank Redirect allows Functionality Misuse.\u003cp\u003eThis issue affects Commerce Alphabank Redirect: from 0.0.0 before 1.0.3.\u003c/p\u003e"
            }
          ],
          "value": "Incorrect Authorization vulnerability in Drupal Commerce Alphabank Redirect allows Functionality Misuse.This issue affects Commerce Alphabank Redirect: from 0.0.0 before 1.0.3."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-212",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-212 Functionality Misuse"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "CWE-863 Incorrect Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-11T14:34:50.071Z",
        "orgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
        "shortName": "drupal"
      },
      "references": [
        {
          "url": "https://www.drupal.org/sa-contrib-2025-067"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Commerce Alphabank Redirect - Moderately critical - Access bypass - SA-CONTRIB-2025-067",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
    "assignerShortName": "drupal",
    "cveId": "CVE-2025-48446",
    "datePublished": "2025-06-11T14:34:50.071Z",
    "dateReserved": "2025-05-21T16:25:07.435Z",
    "dateUpdated": "2025-06-11T15:48:21.281Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-48445 (GCVE-0-2025-48445)

Vulnerability from cvelistv5 – Published: 2025-06-11 14:31 – Updated: 2025-06-11 15:38
VLAI
Title
Commerce Eurobank (Redirect) - Moderately critical - Access bypass - SA-CONTRIB-2025-066
Summary
Incorrect Authorization vulnerability in Drupal Commerce Eurobank (Redirect) allows Functionality Misuse.This issue affects Commerce Eurobank (Redirect): from 0.0.0 before 2.1.1.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-863 - Incorrect Authorization
Assigner
References
Impacted products
Vendor Product Version
Drupal Commerce Eurobank (Redirect) Affected: 0.0.0 , < 2.1.1 (semver)
Create a notification for this product.
Date Public
2025-05-21 17:28
Credits
Marios Tsalkidis (silios) Bill Seremetis (bserem) Panagiotis Moutsopoulos (vensires) Greg Knaddison (greggles) Juraj Nemec (poker10)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-48445",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-11T15:34:39.777239Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-11T15:38:27.544Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://www.drupal.org/project/commerce_eurobank_redirect",
          "defaultStatus": "unaffected",
          "product": "Commerce Eurobank (Redirect)",
          "repo": "https://git.drupalcode.org/project/commerce_eurobank_redirect",
          "vendor": "Drupal",
          "versions": [
            {
              "lessThan": "2.1.1",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Marios Tsalkidis (silios)"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Bill Seremetis (bserem)"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Panagiotis Moutsopoulos (vensires)"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "Greg Knaddison (greggles)"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "Juraj Nemec (poker10)"
        }
      ],
      "datePublic": "2025-05-21T17:28:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Incorrect Authorization vulnerability in Drupal Commerce Eurobank (Redirect) allows Functionality Misuse.\u003cp\u003eThis issue affects Commerce Eurobank (Redirect): from 0.0.0 before 2.1.1.\u003c/p\u003e"
            }
          ],
          "value": "Incorrect Authorization vulnerability in Drupal Commerce Eurobank (Redirect) allows Functionality Misuse.This issue affects Commerce Eurobank (Redirect): from 0.0.0 before 2.1.1."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-212",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-212 Functionality Misuse"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "CWE-863 Incorrect Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-11T14:31:03.526Z",
        "orgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
        "shortName": "drupal"
      },
      "references": [
        {
          "url": "https://www.drupal.org/sa-contrib-2025-066"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Commerce Eurobank (Redirect) - Moderately critical - Access bypass - SA-CONTRIB-2025-066",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
    "assignerShortName": "drupal",
    "cveId": "CVE-2025-48445",
    "datePublished": "2025-06-11T14:31:03.526Z",
    "dateReserved": "2025-05-21T16:25:07.435Z",
    "dateUpdated": "2025-06-11T15:38:27.544Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-48373 (GCVE-0-2025-48373)

Vulnerability from cvelistv5 – Published: 2025-05-22 20:39 – Updated: 2025-05-27 20:28
VLAI
Title
Schule Has Client-Side Role-Based Access Control (RBAC) Bypass Vulnerability
Summary
Schule is open-source school management system software. The application relies on client-side JavaScript (index.js) to redirect users to different panels based on their role. Prior to version 1.0.1, this implementation poses a serious security risk because it assumes that the value of data.role is trustworthy on the client side. Attackers can manipulate JavaScript in the browser (e.g., via browser dev tools or intercepting API responses) and set data.role to any arbitrary value (e.g., "admin"), gaining unauthorized access to restricted areas of the application.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-863 - Incorrect Authorization
Assigner
References
Impacted products
Vendor Product Version
schule111 Schule Affected: < 1.0.1
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-48373",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-23T14:34:42.968739Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-27T20:28:17.446Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Schule",
          "vendor": "schule111",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.0.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Schule is open-source school management system software. The application relies on client-side JavaScript (index.js) to redirect users to different panels based on their role. Prior to version 1.0.1, this implementation poses a serious security risk because it assumes that the value of data.role is trustworthy on the client side. Attackers can manipulate JavaScript in the browser (e.g., via browser dev tools or intercepting API responses) and set data.role to any arbitrary value (e.g., \"admin\"), gaining unauthorized access to restricted areas of the application."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 6.6,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "HIGH"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "CWE-863: Incorrect Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-22T20:39:35.548Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/schule111/Schule/security/advisories/GHSA-37h9-qq7c-6mc9",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/schule111/Schule/security/advisories/GHSA-37h9-qq7c-6mc9"
        },
        {
          "name": "https://github.com/schule111/Schule/commit/cbf7f509c37acd69b4ab8ee19d842de867b46b7e",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/schule111/Schule/commit/cbf7f509c37acd69b4ab8ee19d842de867b46b7e"
        }
      ],
      "source": {
        "advisory": "GHSA-37h9-qq7c-6mc9",
        "discovery": "UNKNOWN"
      },
      "title": "Schule Has Client-Side Role-Based Access Control (RBAC) Bypass Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-48373",
    "datePublished": "2025-05-22T20:39:35.548Z",
    "dateReserved": "2025-05-19T15:46:00.395Z",
    "dateUpdated": "2025-05-27T20:28:17.446Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-48044 (GCVE-0-2025-48044)

Vulnerability from cvelistv5 – Published: 2025-10-17 13:52 – Updated: 2026-05-27 15:40
VLAI
Title
Authorization bypass when bypass policy condition evaluates to true
Summary
Incorrect Authorization vulnerability in ash-project ash allows Authentication Bypass. This vulnerability is associated with program files lib/ash/policy/policy.ex and program routines 'Elixir.Ash.Policy.Policy':expression/2. This issue affects ash: from pkg:hex/ash@3.6.3 before pkg:hex/ash@3.7.1, from 3.6.3 before 3.7.1, from 79749c2685ea031ebb2de8cf60cc5edced6a8dd0 before 8b83efa225f657bfc3656ad8ee8485f9b2de923d.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-863 - Incorrect Authorization
Assigner
EEF
Impacted products
Vendor Product Version
ash-project ash Affected: 3.6.3 , < 3.7.1 (semver)
    cpe:2.3:a:ash-project:ash:*:*:*:*:*:*:*:*
Create a notification for this product.
ash-project ash Affected: 79749c2685ea031ebb2de8cf60cc5edced6a8dd0 , < 8b83efa225f657bfc3656ad8ee8485f9b2de923d (git)
    cpe:2.3:a:ash-project:ash:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
Jechol Lee Jechol Lee Jonatan Männchen / EEF Zach Daniel
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-48044",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-20T18:42:50.579615Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-15T13:59:25.673Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/ash-project/ash/security/advisories/GHSA-pcxq-fjp3-r752"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://repo.hex.pm",
          "cpes": [
            "cpe:2.3:a:ash-project:ash:*:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "packageName": "ash",
          "packageURL": "pkg:hex/ash",
          "product": "ash",
          "programFiles": [
            "lib/ash/policy/policy.ex"
          ],
          "programRoutines": [
            {
              "name": "\u0027Elixir.Ash.Policy.Policy\u0027:expression/2"
            }
          ],
          "repo": "https://github.com/ash-project/ash",
          "vendor": "ash-project",
          "versions": [
            {
              "lessThan": "3.7.1",
              "status": "affected",
              "version": "3.6.3",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://github.com",
          "cpes": [
            "cpe:2.3:a:ash-project:ash:*:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "packageName": "ash-project/ash",
          "packageURL": "pkg:github/ash-project/ash",
          "product": "ash",
          "programFiles": [
            "lib/ash/policy/policy.ex"
          ],
          "programRoutines": [
            {
              "name": "\u0027Elixir.Ash.Policy.Policy\u0027:expression/2"
            }
          ],
          "repo": "https://github.com/ash-project/ash",
          "vendor": "ash-project",
          "versions": [
            {
              "lessThan": "8b83efa225f657bfc3656ad8ee8485f9b2de923d",
              "status": "affected",
              "version": "79749c2685ea031ebb2de8cf60cc5edced6a8dd0",
              "versionType": "git"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:ash-project:ash:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "3.7.1",
                  "versionStartIncluding": "3.6.3",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "AND"
            }
          ],
          "operator": "AND"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Jechol Lee"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Jechol Lee"
        },
        {
          "lang": "en",
          "type": "analyst",
          "value": "Jonatan M\u00e4nnchen / EEF"
        },
        {
          "lang": "en",
          "type": "remediation reviewer",
          "value": "Zach Daniel"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Incorrect Authorization vulnerability in ash-project ash allows Authentication Bypass.\u003cp\u003e This vulnerability is associated with program files \u003ctt\u003elib/ash/policy/policy.ex\u003c/tt\u003e and program routines \u003ctt\u003e\u0027Elixir.Ash.Policy.Policy\u0027:expression/2\u003c/tt\u003e.\u003c/p\u003e\u003cp\u003eThis issue affects ash: from pkg:hex/ash@3.6.3 before pkg:hex/ash@3.7.1, from 3.6.3 before 3.7.1, from 79749c2685ea031ebb2de8cf60cc5edced6a8dd0 before 8b83efa225f657bfc3656ad8ee8485f9b2de923d.\u003c/p\u003e"
            }
          ],
          "value": "Incorrect Authorization vulnerability in ash-project ash allows Authentication Bypass. This vulnerability is associated with program files lib/ash/policy/policy.ex and program routines \u0027Elixir.Ash.Policy.Policy\u0027:expression/2.\n\nThis issue affects ash: from pkg:hex/ash@3.6.3 before pkg:hex/ash@3.7.1, from 3.6.3 before 3.7.1, from 79749c2685ea031ebb2de8cf60cc5edced6a8dd0 before 8b83efa225f657bfc3656ad8ee8485f9b2de923d."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-115",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-115 Authentication Bypass"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "CWE-863 Incorrect Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-27T15:40:21.571Z",
        "orgId": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db",
        "shortName": "EEF"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "related"
          ],
          "url": "https://github.com/ash-project/ash/security/advisories/GHSA-pcxq-fjp3-r752"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://cna.erlef.org/cves/CVE-2025-48044.html"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://osv.dev/vulnerability/EEF-CVE-2025-48044"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/ash-project/ash/commit/8b83efa225f657bfc3656ad8ee8485f9b2de923d"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Authorization bypass when bypass policy condition evaluates to true",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db",
    "assignerShortName": "EEF",
    "cveId": "CVE-2025-48044",
    "datePublished": "2025-10-17T13:52:53.644Z",
    "dateReserved": "2025-05-15T08:40:25.455Z",
    "dateUpdated": "2026-05-27T15:40:21.571Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-48043 (GCVE-0-2025-48043)

Vulnerability from cvelistv5 – Published: 2025-10-10 15:57 – Updated: 2026-05-27 15:40
VLAI
Title
Bypass and runtime policies that can never pass may be incorrectly applied in filter authorization
Summary
Incorrect Authorization vulnerability in ash-project ash allows Authentication Bypass. This vulnerability is associated with program files lib/ash/policy/authorizer/authorizer.ex and program routines 'Elixir.Ash.Policy.Authorizer':strict_filters/2. This issue affects ash: from pkg:hex/ash@0 before pkg:hex/ash@3.6.2, before 3.6.2, before 66d81300065b970da0d2f4528354835d2418c7ae.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-863 - Incorrect Authorization
Assigner
EEF
Impacted products
Vendor Product Version
ash-project ash Affected: 0 , < 3.6.2 (semver)
    cpe:2.3:a:ash-project:ash:*:*:*:*:*:*:*:*
Create a notification for this product.
ash-project ash Affected: 0 , < 66d81300065b970da0d2f4528354835d2418c7ae (git)
    cpe:2.3:a:ash-project:ash:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
Zach Daniel Jonatan Männchen / EEF Jonatan Männchen / EEF
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-48043",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-10T16:33:21.270063Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-10T16:45:42.403Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://repo.hex.pm",
          "cpes": [
            "cpe:2.3:a:ash-project:ash:*:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "packageName": "ash",
          "packageURL": "pkg:hex/ash",
          "product": "ash",
          "programFiles": [
            "lib/ash/policy/authorizer/authorizer.ex"
          ],
          "programRoutines": [
            {
              "name": "\u0027Elixir.Ash.Policy.Authorizer\u0027:strict_filters/2"
            }
          ],
          "repo": "https://github.com/ash-project/ash",
          "vendor": "ash-project",
          "versions": [
            {
              "lessThan": "3.6.2",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://github.com",
          "cpes": [
            "cpe:2.3:a:ash-project:ash:*:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "packageName": "ash-project/ash",
          "packageURL": "pkg:github/ash-project/ash",
          "product": "ash",
          "programFiles": [
            "lib/ash/policy/authorizer/authorizer.ex"
          ],
          "programRoutines": [
            {
              "name": "\u0027Elixir.Ash.Policy.Authorizer\u0027:strict_filters/2"
            }
          ],
          "repo": "https://github.com/ash-project/ash",
          "vendor": "ash-project",
          "versions": [
            {
              "lessThan": "66d81300065b970da0d2f4528354835d2418c7ae",
              "status": "affected",
              "version": "0",
              "versionType": "git"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:ash-project:ash:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "3.6.2",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "AND"
            }
          ],
          "operator": "AND"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "remediation reviewer",
          "value": "Zach Daniel"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Jonatan M\u00e4nnchen / EEF"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Jonatan M\u00e4nnchen / EEF"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Incorrect Authorization vulnerability in ash-project ash allows Authentication Bypass.\u003cp\u003e This vulnerability is associated with program files \u003ctt\u003elib/ash/policy/authorizer/authorizer.ex\u003c/tt\u003e and program routines \u003ctt\u003e\u0027Elixir.Ash.Policy.Authorizer\u0027:strict_filters/2\u003c/tt\u003e.\u003c/p\u003e\u003cp\u003eThis issue affects ash: from pkg:hex/ash@0 before pkg:hex/ash@3.6.2, before 3.6.2, before 66d81300065b970da0d2f4528354835d2418c7ae.\u003c/p\u003e"
            }
          ],
          "value": "Incorrect Authorization vulnerability in ash-project ash allows Authentication Bypass. This vulnerability is associated with program files lib/ash/policy/authorizer/authorizer.ex and program routines \u0027Elixir.Ash.Policy.Authorizer\u0027:strict_filters/2.\n\nThis issue affects ash: from pkg:hex/ash@0 before pkg:hex/ash@3.6.2, before 3.6.2, before 66d81300065b970da0d2f4528354835d2418c7ae."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-115",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-115 Authentication Bypass"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "CWE-863 Incorrect Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-27T15:40:17.241Z",
        "orgId": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db",
        "shortName": "EEF"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "related"
          ],
          "url": "https://github.com/ash-project/ash/security/advisories/GHSA-7r7f-9xpj-jmr7"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://cna.erlef.org/cves/CVE-2025-48043.html"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://osv.dev/vulnerability/EEF-CVE-2025-48043"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/ash-project/ash/commit/66d81300065b970da0d2f4528354835d2418c7ae"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "Bypass and runtime policies that can never pass may be incorrectly applied in filter authorization",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db",
    "assignerShortName": "EEF",
    "cveId": "CVE-2025-48043",
    "datePublished": "2025-10-10T15:57:29.225Z",
    "dateReserved": "2025-05-15T08:40:25.455Z",
    "dateUpdated": "2026-05-27T15:40:17.241Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-48042 (GCVE-0-2025-48042)

Vulnerability from cvelistv5 – Published: 2025-09-07 16:01 – Updated: 2026-05-27 15:40
VLAI
Title
Before action hooks may execute in certain scenarios despite a request being forbidden
Summary
Incorrect Authorization vulnerability in ash-project ash allows Exploiting Incorrectly Configured Access Control Security Levels. This vulnerability is associated with program files lib/ash/actions/create/bulk.ex, lib/ash/actions/destroy/bulk.ex, lib/ash/actions/update/bulk.ex and program routines 'Elixir.Ash.Actions.Create.Bulk':run/5, 'Elixir.Ash.Actions.Destroy.Bulk':run/6, 'Elixir.Ash.Actions.Update.Bulk:run'/6. This issue affects ash: from pkg:hex/ash before pkg:hex/ash@3.5.39, before 3.5.39, before 5d1b6a5d00771fd468a509778637527b5218be9a.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-863 - Incorrect Authorization
Assigner
EEF
Impacted products
Vendor Product Version
ash-project ash Affected: 0 , < 3.5.39 (semver)
    cpe:2.3:a:ash-project:ash:*:*:*:*:*:*:*:*
Create a notification for this product.
ash-project ash Affected: 0 , < 5d1b6a5d00771fd468a509778637527b5218be9a (git)
    cpe:2.3:a:ash-project:ash:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
Zach Daniel Jonatan Männchen / EEF
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-48042",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-08T18:54:54.599381Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-08T18:55:11.399Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://repo.hex.pm",
          "cpes": [
            "cpe:2.3:a:ash-project:ash:*:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "packageName": "ash",
          "packageURL": "pkg:hex/ash",
          "product": "ash",
          "programFiles": [
            "lib/ash/actions/create/bulk.ex",
            "lib/ash/actions/destroy/bulk.ex",
            "lib/ash/actions/update/bulk.ex"
          ],
          "programRoutines": [
            {
              "name": "\u0027Elixir.Ash.Actions.Create.Bulk\u0027:run/5"
            },
            {
              "name": "\u0027Elixir.Ash.Actions.Destroy.Bulk\u0027:run/6"
            },
            {
              "name": "\u0027Elixir.Ash.Actions.Update.Bulk\u0027:run/6"
            }
          ],
          "repo": "https://github.com/ash-project/ash",
          "vendor": "ash-project",
          "versions": [
            {
              "lessThan": "3.5.39",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://github.com",
          "cpes": [
            "cpe:2.3:a:ash-project:ash:*:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "packageName": "ash-project/ash",
          "packageURL": "pkg:github/ash-project/ash",
          "product": "ash",
          "programFiles": [
            "lib/ash/actions/create/bulk.ex",
            "lib/ash/actions/destroy/bulk.ex",
            "lib/ash/actions/update/bulk.ex"
          ],
          "programRoutines": [
            {
              "name": "\u0027Elixir.Ash.Actions.Create.Bulk\u0027:run/5"
            },
            {
              "name": "\u0027Elixir.Ash.Actions.Destroy.Bulk\u0027:run/6"
            },
            {
              "name": "\u0027Elixir.Ash.Actions.Update.Bulk\u0027:run/6"
            }
          ],
          "repo": "https://github.com/ash-project/ash",
          "vendor": "ash-project",
          "versions": [
            {
              "lessThan": "5d1b6a5d00771fd468a509778637527b5218be9a",
              "status": "affected",
              "version": "0",
              "versionType": "git"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:ash-project:ash:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "3.5.39",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "AND"
            }
          ],
          "operator": "AND"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Zach Daniel"
        },
        {
          "lang": "en",
          "type": "analyst",
          "value": "Jonatan M\u00e4nnchen / EEF"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Incorrect Authorization vulnerability in ash-project ash allows Exploiting Incorrectly Configured Access Control Security Levels.\u003cp\u003e This vulnerability is associated with program files \u003ctt\u003elib/ash/actions/create/bulk.ex\u003c/tt\u003e, \u003ctt\u003elib/ash/actions/destroy/bulk.ex\u003c/tt\u003e, \u003ctt\u003elib/ash/actions/update/bulk.ex\u003c/tt\u003e and program routines \u003ctt\u003e\u0027Elixir.Ash.Actions.Create.Bulk\u0027:run/5\u003c/tt\u003e, \u003ctt\u003e\u0027Elixir.Ash.Actions.Destroy.Bulk\u0027:run/6\u003c/tt\u003e, \u003ctt\u003e\u0027Elixir.Ash.Actions.Update.Bulk\u0027:run/6\u003c/tt\u003e.\u003c/p\u003e\u003cp\u003eThis issue affects ash: from pkg:hex/ash before pkg:hex/ash@3.5.39, before 3.5.39, before 5d1b6a5d00771fd468a509778637527b5218be9a.\u003c/p\u003e"
            }
          ],
          "value": "Incorrect Authorization vulnerability in ash-project ash allows Exploiting Incorrectly Configured Access Control Security Levels. This vulnerability is associated with program files lib/ash/actions/create/bulk.ex, lib/ash/actions/destroy/bulk.ex, lib/ash/actions/update/bulk.ex and program routines \u0027Elixir.Ash.Actions.Create.Bulk\u0027:run/5, \u0027Elixir.Ash.Actions.Destroy.Bulk\u0027:run/6, \u0027Elixir.Ash.Actions.Update.Bulk:run\u0027/6.\n\nThis issue affects ash: from pkg:hex/ash before pkg:hex/ash@3.5.39, before 3.5.39, before 5d1b6a5d00771fd468a509778637527b5218be9a."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-180",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "CWE-863 Incorrect Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-27T15:40:15.857Z",
        "orgId": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db",
        "shortName": "EEF"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "related"
          ],
          "url": "https://github.com/ash-project/ash/security/advisories/GHSA-jj4j-x5ww-cwh9"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://cna.erlef.org/cves/CVE-2025-48042.html"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://osv.dev/vulnerability/EEF-CVE-2025-48042"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/ash-project/ash/commit/5d1b6a5d00771fd468a509778637527b5218be9a"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Before action hooks may execute in certain scenarios despite a request being forbidden",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db",
    "assignerShortName": "EEF",
    "cveId": "CVE-2025-48042",
    "datePublished": "2025-09-07T16:01:01.470Z",
    "dateReserved": "2025-05-15T08:40:25.455Z",
    "dateUpdated": "2026-05-27T15:40:15.857Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-47937 (GCVE-0-2025-47937)

Vulnerability from cvelistv5 – Published: 2025-05-20 13:47 – Updated: 2025-05-20 14:23
VLAI
Title
TYPO3 Vulnerable to Information Disclosure via DBAL Restriction Handling
Summary
TYPO3 is an open source, PHP based web content management system. Starting in version 9.0.0 and prior to versions 9.5.51 ELTS, 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, and 13.4.12 LTS, when performing a database query involving multiple tables through the database abstraction layer (DBAL), frontend user permissions are only applied via `FrontendGroupRestriction` to the first table. As a result, data from additional tables included in the same query may be unintentionally exposed to unauthorized users. Users should update to TYPO3 version 9.5.51 ELTS, 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, or 13.4.12 LTS to fix the problem.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-863 - Incorrect Authorization
Assigner
References
Impacted products
Vendor Product Version
TYPO3 typo3 Affected: >= 9.0.0, < 9.5.51
Affected: >= 10.0.0, < 10.4.50
Affected: >= 11.0.0, < 11.5.44
Affected: >= 12.0.0, < 12.4.31
Affected: >= 13.0.0, < 13.4.12
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-47937",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-20T13:57:34.105162Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-20T14:23:17.865Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "typo3",
          "vendor": "TYPO3",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 9.0.0, \u003c 9.5.51"
            },
            {
              "status": "affected",
              "version": "\u003e= 10.0.0, \u003c 10.4.50"
            },
            {
              "status": "affected",
              "version": "\u003e= 11.0.0, \u003c 11.5.44"
            },
            {
              "status": "affected",
              "version": "\u003e= 12.0.0, \u003c 12.4.31"
            },
            {
              "status": "affected",
              "version": "\u003e= 13.0.0, \u003c 13.4.12"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "TYPO3 is an open source, PHP based web content management system. Starting in version 9.0.0 and prior to versions 9.5.51 ELTS, 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, and 13.4.12 LTS, when performing a database query involving multiple tables through the database abstraction layer (DBAL), frontend user permissions are only applied via `FrontendGroupRestriction` to the first table. As a result, data from additional tables included in the same query may be unintentionally exposed to unauthorized users. Users should update to TYPO3 version 9.5.51 ELTS, 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, or 13.4.12 LTS to fix the problem."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "CWE-863: Incorrect Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-20T13:59:02.082Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/TYPO3/typo3/security/advisories/GHSA-x8pv-fgxp-8v3x",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-x8pv-fgxp-8v3x"
        },
        {
          "name": "https://typo3.org/security/advisory/typo3-core-sa-2025-011",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://typo3.org/security/advisory/typo3-core-sa-2025-011"
        }
      ],
      "source": {
        "advisory": "GHSA-x8pv-fgxp-8v3x",
        "discovery": "UNKNOWN"
      },
      "title": "TYPO3 Vulnerable to Information Disclosure via DBAL Restriction Handling"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-47937",
    "datePublished": "2025-05-20T13:47:48.595Z",
    "dateReserved": "2025-05-14T10:32:43.529Z",
    "dateUpdated": "2025-05-20T14:23:17.865Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-47930 (GCVE-0-2025-47930)

Vulnerability from cvelistv5 – Published: 2025-05-15 23:17 – Updated: 2025-05-16 13:19
VLAI
Title
Zulip Server has access control bypass for restrictions on creation of specific channel types
Summary
Zulip is an open-source team chat application. Starting in version 10.0 and prior to version 10.3, the "Who can create public channels" access control mechanism can be circumvented by creating a private or web-public channel, and then changing the channel privacy to public. A similar technique works for creating private channels without permission, though such a process requires either the API or modifying the HTML, as we do mark the "private" radio button as disabled in such cases. Version 10.3 contains a patch.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-863 - Incorrect Authorization
Assigner
Impacted products
Vendor Product Version
zulip zulip Affected: >= 10.0, < 10.3
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-47930",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-16T13:19:39.957985Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-16T13:19:46.691Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "zulip",
          "vendor": "zulip",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 10.0, \u003c 10.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Zulip is an open-source team chat application. Starting in version 10.0 and prior to version 10.3, the \"Who can create public channels\" access control mechanism can be circumvented by creating a private or web-public channel, and then changing the channel privacy to public. A similar technique works for creating private channels without permission, though such a process requires either the API or modifying the HTML, as we do mark the \"private\" radio button as disabled in such cases. Version 10.3 contains a patch."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "LOW",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "LOW"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "CWE-863: Incorrect Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-15T23:17:29.829Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/zulip/zulip/security/advisories/GHSA-rqg7-xfqg-v7q5",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/zulip/zulip/security/advisories/GHSA-rqg7-xfqg-v7q5"
        },
        {
          "name": "https://github.com/zulip/zulip/commit/d2ff4bda4c3efa30fc3ab1f151255cfdbf370f78",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/zulip/zulip/commit/d2ff4bda4c3efa30fc3ab1f151255cfdbf370f78"
        },
        {
          "name": "https://zulip.com/help/configure-who-can-create-channels",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://zulip.com/help/configure-who-can-create-channels"
        },
        {
          "name": "https://zulip.readthedocs.io/en/latest/overview/changelog.html#zulip-server-10-3",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://zulip.readthedocs.io/en/latest/overview/changelog.html#zulip-server-10-3"
        }
      ],
      "source": {
        "advisory": "GHSA-rqg7-xfqg-v7q5",
        "discovery": "UNKNOWN"
      },
      "title": "Zulip Server has access control bypass for restrictions on creation of specific channel types"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-47930",
    "datePublished": "2025-05-15T23:17:29.829Z",
    "dateReserved": "2025-05-14T10:32:43.529Z",
    "dateUpdated": "2025-05-16T13:19:46.691Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-47871 (GCVE-0-2025-47871)

Vulnerability from cvelistv5 – Published: 2025-06-30 16:51 – Updated: 2025-06-30 20:48
VLAI
Title
Mattermost Playbooks exposes private channel metadata to unauthorized users via run metadata API
Summary
Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x <= 10.6.5 fail to properly validate channel membership when retrieving playbook run metadata, allowing authenticated users who are playbook members but not channel members to access sensitive information about linked private channels including channel name, display name, and participant count through the run metadata API endpoint.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-863 - Incorrect Authorization
Assigner
References
Impacted products
Vendor Product Version
Mattermost Mattermost Affected: 10.5.0 , ≤ 10.5.5 (semver)
Affected: 9.11.0 , ≤ 9.11.15 (semver)
Affected: 10.8.0
Affected: 10.7.0 , ≤ 10.7.2 (semver)
Affected: 10.6.0 , ≤ 10.6.5 (semver)
Unaffected: 10.9.0
Unaffected: 10.5.6
Unaffected: 9.11.16
Unaffected: 10.8.1
Unaffected: 10.7.3
Unaffected: 10.6.6
Create a notification for this product.
Credits
Leandro Chaves (brdoors3)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-47871",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-30T20:48:35.741148Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-30T20:48:41.938Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Mattermost",
          "vendor": "Mattermost",
          "versions": [
            {
              "lessThanOrEqual": "10.5.5",
              "status": "affected",
              "version": "10.5.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "9.11.15",
              "status": "affected",
              "version": "9.11.0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "10.8.0"
            },
            {
              "lessThanOrEqual": "10.7.2",
              "status": "affected",
              "version": "10.7.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "10.6.5",
              "status": "affected",
              "version": "10.6.0",
              "versionType": "semver"
            },
            {
              "status": "unaffected",
              "version": "10.9.0"
            },
            {
              "status": "unaffected",
              "version": "10.5.6"
            },
            {
              "status": "unaffected",
              "version": "9.11.16"
            },
            {
              "status": "unaffected",
              "version": "10.8.1"
            },
            {
              "status": "unaffected",
              "version": "10.7.3"
            },
            {
              "status": "unaffected",
              "version": "10.6.6"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Leandro Chaves (brdoors3)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eMattermost versions 10.5.x \u0026lt;= 10.5.5, 9.11.x \u0026lt;= 9.11.15, 10.8.x \u0026lt;= 10.8.0, 10.7.x \u0026lt;= 10.7.2, 10.6.x \u0026lt;= 10.6.5 fail to properly validate channel membership when retrieving playbook run metadata, allowing authenticated users who are playbook members but not channel members to access sensitive information about linked private channels including channel name, display name, and participant count through the run metadata API endpoint.\u003c/p\u003e"
            }
          ],
          "value": "Mattermost versions 10.5.x \u003c= 10.5.5, 9.11.x \u003c= 9.11.15, 10.8.x \u003c= 10.8.0, 10.7.x \u003c= 10.7.2, 10.6.x \u003c= 10.6.5 fail to properly validate channel membership when retrieving playbook run metadata, allowing authenticated users who are playbook members but not channel members to access sensitive information about linked private channels including channel name, display name, and participant count through the run metadata API endpoint."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "CWE-863: Incorrect Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-30T16:51:13.979Z",
        "orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
        "shortName": "Mattermost"
      },
      "references": [
        {
          "url": "https://mattermost.com/security-updates"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eUpdate Mattermost to versions 10.9.0, 10.5.6, 9.11.16, 10.8.1, 10.7.3, 10.6.6 or higher.\u003c/p\u003e"
            }
          ],
          "value": "Update Mattermost to versions 10.9.0, 10.5.6, 9.11.16, 10.8.1, 10.7.3, 10.6.6 or higher."
        }
      ],
      "source": {
        "advisory": "MMSA-2024-00389",
        "defect": [
          "https://mattermost.atlassian.net/browse/MM-61194"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Mattermost Playbooks exposes private channel metadata to unauthorized users via run metadata API",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
    "assignerShortName": "Mattermost",
    "cveId": "CVE-2025-47871",
    "datePublished": "2025-06-30T16:51:13.979Z",
    "dateReserved": "2025-05-23T09:42:12.046Z",
    "dateUpdated": "2025-06-30T20:48:41.938Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-47382 (GCVE-0-2025-47382)

Vulnerability from cvelistv5 – Published: 2025-12-18 05:29 – Updated: 2025-12-18 15:00
VLAI
Title
Incorrect Authorization in Boot
Summary
Memory corruption while loading an invalid firmware in boot loader.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-863 - Incorrect Authorization
Assigner
Impacted products
Vendor Product Version
Qualcomm, Inc. Snapdragon Affected: FastConnect 6200
Affected: FastConnect 6700
Affected: FastConnect 6900
Affected: FastConnect 7800
Affected: QAM8255P
Affected: QAM8295P
Affected: QAM8620P
Affected: QAM8650P
Affected: QAM8775P
Affected: QAMSRV1H
Affected: QAMSRV1M
Affected: QCA6574
Affected: QCA6574A
Affected: QCA6574AU
Affected: QCA6595
Affected: QCA6595AU
Affected: QCA6688AQ
Affected: QCA6696
Affected: QCA6698AQ
Affected: QCA6797AQ
Affected: QCA8695AU
Affected: QCA9367
Affected: QCA9377
Affected: QCM6690
Affected: QCS610
Affected: QCS6690
Affected: QMP1000
Affected: Qualcomm Video Collaboration VC1 Platform
Affected: Qualcomm Video Collaboration VC3 Platform
Affected: SA6155P
Affected: SA7255P
Affected: SA7775P
Affected: SA8155P
Affected: SA8195P
Affected: SA8255P
Affected: SA8295P
Affected: SA8620P
Affected: SA8650P
Affected: SA8770P
Affected: SA8775P
Affected: SA9000P
Affected: SG6150
Affected: SG6150P
Affected: SM4635
Affected: SM6650
Affected: SM6650P
Affected: SM7635
Affected: SM7635P
Affected: SM7675
Affected: SM7675P
Affected: SM8635
Affected: SM8635P
Affected: SM8650Q
Affected: SM8735
Affected: SM8750
Affected: SM8750P
Affected: SM8850
Affected: SM8850P
Affected: Snapdragon 4 Gen 1 Mobile Platform
Affected: Snapdragon 480 5G Mobile Platform
Affected: Snapdragon 480+ 5G Mobile Platform (SM4350-AC)
Affected: Snapdragon 695 5G Mobile Platform
Affected: Snapdragon 8 Gen 3 Mobile Platform
Affected: Snapdragon AR1 Gen 1 Platform
Affected: Snapdragon AR1 Gen 1 Platform "Luna1"
Affected: Snapdragon W5+ Gen 1 Wearable Platform
Affected: SRV1H
Affected: SRV1L
Affected: SRV1M
Affected: SW5100
Affected: SW5100P
Affected: SXR2330P
Affected: SXR2350P
Affected: WCD9370
Affected: WCD9375
Affected: WCD9378
Affected: WCD9380
Affected: WCD9385
Affected: WCD9390
Affected: WCD9395
Affected: WCN3950
Affected: WCN3980
Affected: WCN3988
Affected: WCN6450
Affected: WCN6650
Affected: WCN6755
Affected: WCN7750
Affected: WCN7860
Affected: WCN7861
Affected: WCN7880
Affected: WCN7881
Affected: WSA8810
Affected: WSA8815
Affected: WSA8830
Affected: WSA8832
Affected: WSA8835
Affected: WSA8840
Affected: WSA8845
Affected: WSA8845H
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-47382",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-18T14:45:19.270806Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-18T15:00:16.777Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Snapdragon Auto",
            "Snapdragon Compute",
            "Snapdragon Industrial IOT",
            "Snapdragon Mobile",
            "Snapdragon Wearables"
          ],
          "product": "Snapdragon",
          "vendor": "Qualcomm, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "FastConnect 6200"
            },
            {
              "status": "affected",
              "version": "FastConnect 6700"
            },
            {
              "status": "affected",
              "version": "FastConnect 6900"
            },
            {
              "status": "affected",
              "version": "FastConnect 7800"
            },
            {
              "status": "affected",
              "version": "QAM8255P"
            },
            {
              "status": "affected",
              "version": "QAM8295P"
            },
            {
              "status": "affected",
              "version": "QAM8620P"
            },
            {
              "status": "affected",
              "version": "QAM8650P"
            },
            {
              "status": "affected",
              "version": "QAM8775P"
            },
            {
              "status": "affected",
              "version": "QAMSRV1H"
            },
            {
              "status": "affected",
              "version": "QAMSRV1M"
            },
            {
              "status": "affected",
              "version": "QCA6574"
            },
            {
              "status": "affected",
              "version": "QCA6574A"
            },
            {
              "status": "affected",
              "version": "QCA6574AU"
            },
            {
              "status": "affected",
              "version": "QCA6595"
            },
            {
              "status": "affected",
              "version": "QCA6595AU"
            },
            {
              "status": "affected",
              "version": "QCA6688AQ"
            },
            {
              "status": "affected",
              "version": "QCA6696"
            },
            {
              "status": "affected",
              "version": "QCA6698AQ"
            },
            {
              "status": "affected",
              "version": "QCA6797AQ"
            },
            {
              "status": "affected",
              "version": "QCA8695AU"
            },
            {
              "status": "affected",
              "version": "QCA9367"
            },
            {
              "status": "affected",
              "version": "QCA9377"
            },
            {
              "status": "affected",
              "version": "QCM6690"
            },
            {
              "status": "affected",
              "version": "QCS610"
            },
            {
              "status": "affected",
              "version": "QCS6690"
            },
            {
              "status": "affected",
              "version": "QMP1000"
            },
            {
              "status": "affected",
              "version": "Qualcomm Video Collaboration VC1 Platform"
            },
            {
              "status": "affected",
              "version": "Qualcomm Video Collaboration VC3 Platform"
            },
            {
              "status": "affected",
              "version": "SA6155P"
            },
            {
              "status": "affected",
              "version": "SA7255P"
            },
            {
              "status": "affected",
              "version": "SA7775P"
            },
            {
              "status": "affected",
              "version": "SA8155P"
            },
            {
              "status": "affected",
              "version": "SA8195P"
            },
            {
              "status": "affected",
              "version": "SA8255P"
            },
            {
              "status": "affected",
              "version": "SA8295P"
            },
            {
              "status": "affected",
              "version": "SA8620P"
            },
            {
              "status": "affected",
              "version": "SA8650P"
            },
            {
              "status": "affected",
              "version": "SA8770P"
            },
            {
              "status": "affected",
              "version": "SA8775P"
            },
            {
              "status": "affected",
              "version": "SA9000P"
            },
            {
              "status": "affected",
              "version": "SG6150"
            },
            {
              "status": "affected",
              "version": "SG6150P"
            },
            {
              "status": "affected",
              "version": "SM4635"
            },
            {
              "status": "affected",
              "version": "SM6650"
            },
            {
              "status": "affected",
              "version": "SM6650P"
            },
            {
              "status": "affected",
              "version": "SM7635"
            },
            {
              "status": "affected",
              "version": "SM7635P"
            },
            {
              "status": "affected",
              "version": "SM7675"
            },
            {
              "status": "affected",
              "version": "SM7675P"
            },
            {
              "status": "affected",
              "version": "SM8635"
            },
            {
              "status": "affected",
              "version": "SM8635P"
            },
            {
              "status": "affected",
              "version": "SM8650Q"
            },
            {
              "status": "affected",
              "version": "SM8735"
            },
            {
              "status": "affected",
              "version": "SM8750"
            },
            {
              "status": "affected",
              "version": "SM8750P"
            },
            {
              "status": "affected",
              "version": "SM8850"
            },
            {
              "status": "affected",
              "version": "SM8850P"
            },
            {
              "status": "affected",
              "version": "Snapdragon 4 Gen 1 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 480 5G Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 480+ 5G Mobile Platform (SM4350-AC)"
            },
            {
              "status": "affected",
              "version": "Snapdragon 695 5G Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 8 Gen 3 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon AR1 Gen 1 Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon AR1 Gen 1 Platform \"Luna1\""
            },
            {
              "status": "affected",
              "version": "Snapdragon W5+ Gen 1 Wearable Platform"
            },
            {
              "status": "affected",
              "version": "SRV1H"
            },
            {
              "status": "affected",
              "version": "SRV1L"
            },
            {
              "status": "affected",
              "version": "SRV1M"
            },
            {
              "status": "affected",
              "version": "SW5100"
            },
            {
              "status": "affected",
              "version": "SW5100P"
            },
            {
              "status": "affected",
              "version": "SXR2330P"
            },
            {
              "status": "affected",
              "version": "SXR2350P"
            },
            {
              "status": "affected",
              "version": "WCD9370"
            },
            {
              "status": "affected",
              "version": "WCD9375"
            },
            {
              "status": "affected",
              "version": "WCD9378"
            },
            {
              "status": "affected",
              "version": "WCD9380"
            },
            {
              "status": "affected",
              "version": "WCD9385"
            },
            {
              "status": "affected",
              "version": "WCD9390"
            },
            {
              "status": "affected",
              "version": "WCD9395"
            },
            {
              "status": "affected",
              "version": "WCN3950"
            },
            {
              "status": "affected",
              "version": "WCN3980"
            },
            {
              "status": "affected",
              "version": "WCN3988"
            },
            {
              "status": "affected",
              "version": "WCN6450"
            },
            {
              "status": "affected",
              "version": "WCN6650"
            },
            {
              "status": "affected",
              "version": "WCN6755"
            },
            {
              "status": "affected",
              "version": "WCN7750"
            },
            {
              "status": "affected",
              "version": "WCN7860"
            },
            {
              "status": "affected",
              "version": "WCN7861"
            },
            {
              "status": "affected",
              "version": "WCN7880"
            },
            {
              "status": "affected",
              "version": "WCN7881"
            },
            {
              "status": "affected",
              "version": "WSA8810"
            },
            {
              "status": "affected",
              "version": "WSA8815"
            },
            {
              "status": "affected",
              "version": "WSA8830"
            },
            {
              "status": "affected",
              "version": "WSA8832"
            },
            {
              "status": "affected",
              "version": "WSA8835"
            },
            {
              "status": "affected",
              "version": "WSA8840"
            },
            {
              "status": "affected",
              "version": "WSA8845"
            },
            {
              "status": "affected",
              "version": "WSA8845H"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Memory corruption while loading an invalid firmware in boot loader."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "CWE-863: Incorrect Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-18T05:29:11.983Z",
        "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
        "shortName": "qualcomm"
      },
      "references": [
        {
          "url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/december-2025-bulletin.html"
        }
      ],
      "title": "Incorrect Authorization in Boot"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
    "assignerShortName": "qualcomm",
    "cveId": "CVE-2025-47382",
    "datePublished": "2025-12-18T05:29:11.983Z",
    "dateReserved": "2025-05-06T08:33:16.266Z",
    "dateUpdated": "2025-12-18T15:00:16.777Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Mitigation
Architecture and Design
  • Divide the product into anonymous, normal, privileged, and administrative areas. Reduce the attack surface by carefully mapping roles with data and functionality. Use role-based access control (RBAC) [REF-229] to enforce the roles at the appropriate boundaries.
  • Note that this approach may not protect against horizontal authorization, i.e., it will not protect a user from attacking others with the same role.
Mitigation
Architecture and Design

Ensure that access control checks are performed related to the business logic. These checks may be different than the access control checks that are applied to more generic resources such as files, connections, processes, memory, and database records. For example, a database may restrict access for medical records to a specific database user, but each record might only be intended to be accessible to the patient and the patient's doctor [REF-7].

Mitigation MIT-4.4
Architecture and Design

Strategy: Libraries or Frameworks

  • Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
  • For example, consider using authorization frameworks such as the JAAS Authorization Framework [REF-233] and the OWASP ESAPI Access Control feature [REF-45].
Mitigation
Architecture and Design
  • For web applications, make sure that the access control mechanism is enforced correctly at the server side on every page. Users should not be able to access any unauthorized functionality or information by simply requesting direct access to that page.
  • One way to do this is to ensure that all pages containing sensitive information are not cached, and that all such pages restrict access to requests that are accompanied by an active and authenticated session token associated with a user who has the required permissions to access that page.
Mitigation
System Configuration Installation

Use the access control capabilities of your operating system and server environment and define your access control lists accordingly. Use a "default deny" policy when defining these ACLs.

No CAPEC attack patterns related to this CWE.