CWE-266
AllowedIncorrect Privilege Assignment
Abstraction: Base · Status: Draft
A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
1915 vulnerabilities reference this CWE, most recent first.
CVE-2025-15084 (GCVE-0-2025-15084)
Vulnerability from cvelistv5 – Published: 2025-12-25 18:32 – Updated: 2025-12-29 21:29| URL | Tags |
|---|---|
| https://vuldb.com/?id.338412 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.338412 | signaturepermissions-required |
| https://vuldb.com/?submit.708174 | third-party-advisory |
| https://github.com/Hwwg/cve/issues/24 | exploitissue-tracking |
| Vendor | Product | Version | |
|---|---|---|---|
| youlaitech | youlai-mall |
Affected:
1.0.0
Affected: 2.0.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15084",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-29T21:29:08.741631Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-29T21:29:17.869Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Order Payment Handler"
],
"product": "youlai-mall",
"vendor": "youlaitech",
"versions": [
{
"status": "affected",
"version": "1.0.0"
},
{
"status": "affected",
"version": "2.0.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "huangweigang (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was identified in youlaitech youlai-mall 1.0.0/2.0.0. The impacted element is the function orderService.payOrder of the file mall-oms/oms-boot/src/main/java/com/youlai/mall/oms/controller/app/OrderController.java of the component Order Payment Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The attack is considered to have high complexity. The exploitability is regarded as difficult. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 2.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 2.1,
"vectorString": "AV:N/AC:H/Au:S/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "Improper Access Controls",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-25T18:32:05.729Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-338412 | youlaitech youlai-mall Order Payment OrderController.java orderService.payOrder access control",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.338412"
},
{
"name": "VDB-338412 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.338412"
},
{
"name": "Submit #708174 | youlai-mall latest Improper Control of Resource Identifiers",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.708174"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/Hwwg/cve/issues/24"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-25T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-12-25T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-12-25T10:55:00.000Z",
"value": "VulDB entry last update"
}
],
"title": "youlaitech youlai-mall Order Payment OrderController.java orderService.payOrder access control"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-15084",
"datePublished": "2025-12-25T18:32:05.729Z",
"dateReserved": "2025-12-25T09:49:51.756Z",
"dateUpdated": "2025-12-29T21:29:17.869Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-14889 (GCVE-0-2025-14889)
Vulnerability from cvelistv5 – Published: 2025-12-18 20:02 – Updated: 2026-02-24 05:54 X_Freeware| URL | Tags |
|---|---|
| https://vuldb.com/?id.337378 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.337378 | signaturepermissions-required |
| https://vuldb.com/?submit.715643 | third-party-advisory |
| https://gist.github.com/nikstudy576-maker/82e1e1e… | exploit |
| https://www.campcodes.com/ | product |
| Vendor | Product | Version | |
|---|---|---|---|
| Campcodes | Advanced Voting Management System |
Affected:
1.0
cpe:2.3:a:campcodes:advanced_voting_management_system:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-14889",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-18T20:15:32.560335Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T20:15:44.091Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:campcodes:advanced_voting_management_system:*:*:*:*:*:*:*:*"
],
"modules": [
"Password Handler"
],
"product": "Advanced Voting Management System",
"vendor": "Campcodes",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Err404 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security flaw has been discovered in Campcodes Advanced Voting Management System 1.0. The impacted element is an unknown function of the file /admin/voters_edit.php of the component Password Handler. Performing a manipulation of the argument ID results in improper authorization. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5.5,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-24T05:54:36.637Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-337378 | Campcodes Advanced Voting Management System Password voters_edit.php improper authorization",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.337378"
},
{
"name": "VDB-337378 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.337378"
},
{
"name": "Submit #715643 | campcodes Advanced Voting Management System using PHP/MySQLi 1.0 Authentication Bypass",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.715643"
},
{
"tags": [
"exploit"
],
"url": "https://gist.github.com/nikstudy576-maker/82e1e1ede9b848880aa09b87b92bc22c"
},
{
"tags": [
"product"
],
"url": "https://www.campcodes.com/"
}
],
"tags": [
"x_freeware"
],
"timeline": [
{
"lang": "en",
"time": "2025-12-18T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-12-18T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-12-25T01:47:25.000Z",
"value": "VulDB entry last update"
}
],
"title": "Campcodes Advanced Voting Management System Password voters_edit.php improper authorization"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-14889",
"datePublished": "2025-12-18T20:02:07.993Z",
"dateReserved": "2025-12-18T14:12:13.912Z",
"dateUpdated": "2026-02-24T05:54:36.637Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-14778 (GCVE-0-2025-14778)
Vulnerability from cvelistv5 – Published: 2026-02-09 18:58 – Updated: 2026-02-10 01:04- CWE-266 - Incorrect Privilege Assignment
| URL | Tags |
|---|---|
| https://access.redhat.com/errata/RHSA-2026:2363 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:2364 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:2365 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:2366 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/security/cve/CVE-2025-14778 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2422600 | issue-trackingx_refsource_REDHAT |
| Vendor | Product | Version | |
|---|---|---|---|
| Red Hat | Red Hat build of Keycloak 26.2 |
Unaffected:
26.2.13-1 , < *
(rpm)
cpe:/a:redhat:build_keycloak:26.2::el9 |
|
| Red Hat | Red Hat build of Keycloak 26.2 |
Unaffected:
26.2-15 , < *
(rpm)
cpe:/a:redhat:build_keycloak:26.2::el9 |
|
| Red Hat | Red Hat build of Keycloak 26.2.13 |
cpe:/a:redhat:build_keycloak:26.2::el9 |
|
| Red Hat | Red Hat build of Keycloak 26.4 |
Unaffected:
26.4.9-1 , < *
(rpm)
cpe:/a:redhat:build_keycloak:26.4::el9 |
|
| Red Hat | Red Hat build of Keycloak 26.4 |
Unaffected:
26.4-11 , < *
(rpm)
cpe:/a:redhat:build_keycloak:26.4::el9 |
|
| Red Hat | Red Hat build of Keycloak 26.4 |
Unaffected:
26.4-10 , < *
(rpm)
cpe:/a:redhat:build_keycloak:26.4::el9 |
|
| Red Hat | Red Hat build of Keycloak 26.4.9 |
cpe:/a:redhat:build_keycloak:26.4::el9 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-14778",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-09T19:51:45.628050Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T19:51:55.663Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:build_keycloak:26.2::el9"
],
"defaultStatus": "affected",
"packageName": "rhbk/keycloak-operator-bundle",
"product": "Red Hat build of Keycloak 26.2",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "26.2.13-1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:build_keycloak:26.2::el9"
],
"defaultStatus": "affected",
"packageName": "rhbk/keycloak-rhel9",
"product": "Red Hat build of Keycloak 26.2",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "26.2-15",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:build_keycloak:26.2::el9"
],
"defaultStatus": "affected",
"packageName": "rhbk/keycloak-rhel9-operator",
"product": "Red Hat build of Keycloak 26.2",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "26.2-15",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:build_keycloak:26.2::el9"
],
"defaultStatus": "unaffected",
"packageName": "rhbk/keycloak-rhel9-operator",
"product": "Red Hat build of Keycloak 26.2.13",
"vendor": "Red Hat"
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:build_keycloak:26.4::el9"
],
"defaultStatus": "affected",
"packageName": "rhbk/keycloak-operator-bundle",
"product": "Red Hat build of Keycloak 26.4",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "26.4.9-1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:build_keycloak:26.4::el9"
],
"defaultStatus": "affected",
"packageName": "rhbk/keycloak-rhel9",
"product": "Red Hat build of Keycloak 26.4",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "26.4-11",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:build_keycloak:26.4::el9"
],
"defaultStatus": "affected",
"packageName": "rhbk/keycloak-rhel9-operator",
"product": "Red Hat build of Keycloak 26.4",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "26.4-10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:build_keycloak:26.4::el9"
],
"defaultStatus": "unaffected",
"packageName": "rhbk/keycloak-rhel9-operator",
"product": "Red Hat build of Keycloak 26.4.9",
"vendor": "Red Hat"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Joshua Rogers for reporting this issue."
}
],
"datePublic": "2026-02-09T18:24:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Keycloak. A significant Broken Access Control vulnerability exists in the UserManagedPermissionService (UMA Protection API). When updating or deleting a UMA policy associated with multiple resources, the authorization check only verifies the caller\u0027s ownership against the first resource in the policy\u0027s list. This allows a user (Owner A) who owns one resource (RA) to update a shared policy and modify authorization rules for other resources (e.g., RB) in that same policy, even if those other resources are owned by a different user (Owner B). This constitutes a horizontal privilege escalation."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-10T01:04:37.407Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2026:2363",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:2363"
},
{
"name": "RHSA-2026:2364",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:2364"
},
{
"name": "RHSA-2026:2365",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:2365"
},
{
"name": "RHSA-2026:2366",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:2366"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2025-14778"
},
{
"name": "RHBZ#2422600",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2422600"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-16T05:01:06.107Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-02-09T18:24:00.000Z",
"value": "Made public."
}
],
"title": "Keycloak: incorrect ownership checks in /uma-policy/",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-266: Incorrect Privilege Assignment"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2025-14778",
"datePublished": "2026-02-09T18:58:29.065Z",
"dateReserved": "2025-12-16T05:02:19.510Z",
"dateUpdated": "2026-02-10T01:04:37.407Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-14749 (GCVE-0-2025-14749)
Vulnerability from cvelistv5 – Published: 2025-12-16 03:02 – Updated: 2025-12-16 20:48| URL | Tags |
|---|---|
| https://vuldb.com/?id.336522 | vdb-entry |
| https://vuldb.com/?ctiid.336522 | signaturepermissions-required |
| https://vuldb.com/?submit.707198 | third-party-advisory |
| https://github.com/pwnpwnpur1n/IoT-advisories/blo… | exploit |
| Vendor | Product | Version | |
|---|---|---|---|
| Ningyuanda | TC155 |
Affected:
57.0.2.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-14749",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-16T20:46:17.290265Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-16T20:48:27.694Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"ONVIF PTZ Control Interface"
],
"product": "TC155",
"vendor": "Ningyuanda",
"versions": [
{
"status": "affected",
"version": "57.0.2.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "keroomi (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was identified in Ningyuanda TC155 57.0.2.0. This impacts an unknown function of the file /onvif/device_service of the component ONVIF PTZ Control Interface. The manipulation leads to improper access controls. The attack requires being on the local network. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5.8,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "Improper Access Controls",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-16T03:02:10.508Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-336522 | Ningyuanda TC155 ONVIF PTZ Control device_service access control",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.336522"
},
{
"name": "VDB-336522 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.336522"
},
{
"name": "Submit #707198 | Shenzhen Ningyuanda Technology Co., Ltd. TC155 IP Camera Firmware version: 57.0.2.0 Unauthenticated ONVIF PTZ Full Remote Camera Control",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.707198"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/pwnpwnpur1n/IoT-advisories/blob/main/TC155-Unauth-PTZ-Remote-Control.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-15T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-12-15T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-12-15T21:44:29.000Z",
"value": "VulDB entry last update"
}
],
"title": "Ningyuanda TC155 ONVIF PTZ Control device_service access control"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-14749",
"datePublished": "2025-12-16T03:02:10.508Z",
"dateReserved": "2025-12-15T20:39:20.608Z",
"dateUpdated": "2025-12-16T20:48:27.694Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-14748 (GCVE-0-2025-14748)
Vulnerability from cvelistv5 – Published: 2025-12-16 03:02 – Updated: 2025-12-16 21:01| URL | Tags |
|---|---|
| https://vuldb.com/?id.336521 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.336521 | signaturepermissions-required |
| https://vuldb.com/?submit.707197 | third-party-advisory |
| https://github.com/pwnpwnpur1n/IoT-advisories/blo… | exploit |
| Vendor | Product | Version | |
|---|---|---|---|
| Ningyuanda | TC155 |
Affected:
57.0.2.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-14748",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-16T20:48:51.659721Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-16T21:01:07.215Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"ONVIF Device Management Service"
],
"product": "TC155",
"vendor": "Ningyuanda",
"versions": [
{
"status": "affected",
"version": "57.0.2.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "keroomi (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was determined in Ningyuanda TC155 57.0.2.0. This affects an unknown function of the file /onvif/device_service of the component ONVIF Device Management Service. Executing manipulation of the argument FactoryDefault with the input Hard can lead to improper access controls. The attack requires access to the local network. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4.8,
"vectorString": "AV:A/AC:L/Au:N/C:N/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "Improper Access Controls",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-16T03:02:08.269Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-336521 | Ningyuanda TC155 ONVIF Device Management Service device_service access control",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.336521"
},
{
"name": "VDB-336521 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.336521"
},
{
"name": "Submit #707197 | Shenzhen Ningyuanda Technology Co., Ltd. TC155 IP Camera Firmware version: 57.0.2.0 Unauthenticated Hard Reset via ONVIF SetSystemFactoryDefault",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.707197"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/pwnpwnpur1n/IoT-advisories/blob/main/TC155-Unauth-Hard-Reset.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-15T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-12-15T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-12-15T21:44:28.000Z",
"value": "VulDB entry last update"
}
],
"title": "Ningyuanda TC155 ONVIF Device Management Service device_service access control"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-14748",
"datePublished": "2025-12-16T03:02:08.269Z",
"dateReserved": "2025-12-15T20:39:17.819Z",
"dateUpdated": "2025-12-16T21:01:07.215Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-14660 (GCVE-0-2025-14660)
Vulnerability from cvelistv5 – Published: 2025-12-14 12:32 – Updated: 2025-12-15 20:55 X_Open Source| URL | Tags |
|---|---|
| https://vuldb.com/?id.336392 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.336392 | signaturepermissions-required |
| https://vuldb.com/?submit.713741 | third-party-advisory |
| https://github.com/decocms/mesh/pull/1967 | issue-tracking |
| https://github.com/decocms/mesh/pull/1967#issueco… | issue-tracking |
| https://github.com/decocms/mesh/pull/1967#issue-3… | exploitissue-tracking |
| https://github.com/decocms/mesh/commit/5f7315e058… | patch |
| https://github.com/decocms/mesh/releases/tag/runt… | patch |
| Vendor | Product | Version | |
|---|---|---|---|
| DecoCMS | Mesh |
Affected:
1.0.0-alpha.0
Affected: 1.0.0-alpha.1 Affected: 1.0.0-alpha.2 Affected: 1.0.0-alpha.3 Affected: 1.0.0-alpha.4 Affected: 1.0.0-alpha.5 Affected: 1.0.0-alpha.6 Affected: 1.0.0-alpha.7 Affected: 1.0.0-alpha.8 Affected: 1.0.0-alpha.9 Affected: 1.0.0-alpha.10 Affected: 1.0.0-alpha.11 Affected: 1.0.0-alpha.12 Affected: 1.0.0-alpha.13 Affected: 1.0.0-alpha.14 Affected: 1.0.0-alpha.15 Affected: 1.0.0-alpha.16 Affected: 1.0.0-alpha.17 Affected: 1.0.0-alpha.18 Affected: 1.0.0-alpha.19 Affected: 1.0.0-alpha.20 Affected: 1.0.0-alpha.21 Affected: 1.0.0-alpha.22 Affected: 1.0.0-alpha.23 Affected: 1.0.0-alpha.24 Affected: 1.0.0-alpha.25 Affected: 1.0.0-alpha.26 Affected: 1.0.0-alpha.27 Affected: 1.0.0-alpha.28 Affected: 1.0.0-alpha.29 Affected: 1.0.0-alpha.30 Affected: 1.0.0-alpha.31 Unaffected: 1.0.0-alpha.32 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-14660",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-15T20:54:55.484541Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-15T20:55:13.242Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Workspace Domain Handler"
],
"product": "Mesh",
"vendor": "DecoCMS",
"versions": [
{
"status": "affected",
"version": "1.0.0-alpha.0"
},
{
"status": "affected",
"version": "1.0.0-alpha.1"
},
{
"status": "affected",
"version": "1.0.0-alpha.2"
},
{
"status": "affected",
"version": "1.0.0-alpha.3"
},
{
"status": "affected",
"version": "1.0.0-alpha.4"
},
{
"status": "affected",
"version": "1.0.0-alpha.5"
},
{
"status": "affected",
"version": "1.0.0-alpha.6"
},
{
"status": "affected",
"version": "1.0.0-alpha.7"
},
{
"status": "affected",
"version": "1.0.0-alpha.8"
},
{
"status": "affected",
"version": "1.0.0-alpha.9"
},
{
"status": "affected",
"version": "1.0.0-alpha.10"
},
{
"status": "affected",
"version": "1.0.0-alpha.11"
},
{
"status": "affected",
"version": "1.0.0-alpha.12"
},
{
"status": "affected",
"version": "1.0.0-alpha.13"
},
{
"status": "affected",
"version": "1.0.0-alpha.14"
},
{
"status": "affected",
"version": "1.0.0-alpha.15"
},
{
"status": "affected",
"version": "1.0.0-alpha.16"
},
{
"status": "affected",
"version": "1.0.0-alpha.17"
},
{
"status": "affected",
"version": "1.0.0-alpha.18"
},
{
"status": "affected",
"version": "1.0.0-alpha.19"
},
{
"status": "affected",
"version": "1.0.0-alpha.20"
},
{
"status": "affected",
"version": "1.0.0-alpha.21"
},
{
"status": "affected",
"version": "1.0.0-alpha.22"
},
{
"status": "affected",
"version": "1.0.0-alpha.23"
},
{
"status": "affected",
"version": "1.0.0-alpha.24"
},
{
"status": "affected",
"version": "1.0.0-alpha.25"
},
{
"status": "affected",
"version": "1.0.0-alpha.26"
},
{
"status": "affected",
"version": "1.0.0-alpha.27"
},
{
"status": "affected",
"version": "1.0.0-alpha.28"
},
{
"status": "affected",
"version": "1.0.0-alpha.29"
},
{
"status": "affected",
"version": "1.0.0-alpha.30"
},
{
"status": "affected",
"version": "1.0.0-alpha.31"
},
{
"status": "unaffected",
"version": "1.0.0-alpha.32"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "cucumbersalad (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw has been found in DecoCMS Mesh up to 1.0.0-alpha.31. Affected by this vulnerability is the function createTool of the file packages/sdk/src/mcp/teams/api.ts of the component Workspace Domain Handler. This manipulation of the argument domain causes improper access controls. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been published and may be used. Upgrading to version 1.0.0-alpha.32 addresses this issue. Patch name: 5f7315e05852faf3a9c177c0a34f9ea9b0371d3d. It is recommended to upgrade the affected component."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5.1,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "Improper Access Controls",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-14T12:32:08.752Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-336392 | DecoCMS Mesh Workspace Domain api.ts createTool access control",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.336392"
},
{
"name": "VDB-336392 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.336392"
},
{
"name": "Submit #713741 | Deco deco-mesh runtime v1.0.0-alpha.31 Improper Access Controls",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.713741"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/decocms/mesh/pull/1967"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/decocms/mesh/pull/1967#issuecomment-3622379237"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/decocms/mesh/pull/1967#issue-3700934099"
},
{
"tags": [
"patch"
],
"url": "https://github.com/decocms/mesh/commit/5f7315e05852faf3a9c177c0a34f9ea9b0371d3d"
},
{
"tags": [
"patch"
],
"url": "https://github.com/decocms/mesh/releases/tag/runtime-v1.0.0-alpha.32"
}
],
"tags": [
"x_open-source"
],
"timeline": [
{
"lang": "en",
"time": "2025-12-13T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-12-13T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-12-13T14:30:21.000Z",
"value": "VulDB entry last update"
}
],
"title": "DecoCMS Mesh Workspace Domain api.ts createTool access control"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-14660",
"datePublished": "2025-12-14T12:32:08.752Z",
"dateReserved": "2025-12-13T13:25:14.748Z",
"dateUpdated": "2025-12-15T20:55:13.242Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-14503 (GCVE-0-2025-14503)
Vulnerability from cvelistv5 – Published: 2025-12-15 19:45 – Updated: 2026-02-26 16:07- CWE-266 - Incorrect Privilege Assignment
| URL | Tags |
|---|---|
| https://github.com/awslabs/harmonix/pull/189 | patch |
| https://aws.amazon.com/security/security-bulletin… | vendor-advisory |
| https://github.com/awslabs/harmonix/security/advi… | third-party-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| AWS | Harmonix on AWS |
Affected:
0.3.0 , < 0.4.2
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-14503",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-16T04:56:04.348854Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T16:07:40.181Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Harmonix on AWS",
"vendor": "AWS",
"versions": [
{
"lessThan": "0.4.2",
"status": "affected",
"version": "0.3.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003c/p\u003e\u003cp\u003eAn overly-permissive IAM trust policy in the Harmonix on AWS framework may allow IAM principals in the same AWS account to escalate privileges via role assumption. The sample code for the EKS environment provisioning role is configured to trust the account root principal, which may enable any IAM principal in the same AWS account with sts:AssumeRole permissions to assume the role with administrative privileges.\u003c/p\u003e\u003cbr\u003eWe recommend customers upgrade to Harmonix on AWS v0.4.2 or later if you have deployed the framework using versions v0.3.0 through v0.4.1. \u003cp\u003e\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "An overly-permissive IAM trust policy in the Harmonix on AWS framework may allow IAM principals in the same AWS account to escalate privileges via role assumption. The sample code for the EKS environment provisioning role is configured to trust the account root principal, which may enable any IAM principal in the same AWS account with sts:AssumeRole permissions to assume the role with administrative privileges.\n\n\nWe recommend customers upgrade to Harmonix on AWS v0.4.2 or later if you have deployed the framework using versions v0.3.0 through v0.4.1."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "CWE-266 Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-16T23:13:44.545Z",
"orgId": "ff89ba41-3aa1-4d27-914a-91399e9639e5",
"shortName": "AMZN"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/awslabs/harmonix/pull/189"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://aws.amazon.com/security/security-bulletins/AWS-2025-031/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://github.com/awslabs/harmonix/security/advisories/GHSA-qm86-gqrq-mqcw"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Overly Permissive Trust Policy in Harmonix on AWS EKS",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ff89ba41-3aa1-4d27-914a-91399e9639e5",
"assignerShortName": "AMZN",
"cveId": "CVE-2025-14503",
"datePublished": "2025-12-15T19:45:00.729Z",
"dateReserved": "2025-12-10T21:04:10.009Z",
"dateUpdated": "2026-02-26T16:07:40.181Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-14282 (GCVE-0-2025-14282)
Vulnerability from cvelistv5 – Published: 2026-02-12 21:37 – Updated: 2026-02-18 20:45- CWE-266 - Incorrect Privilege Assignment
| Vendor | Product | Version | |
|---|---|---|---|
| https://github.com/mkj/dropbear/ | dropbear |
Affected:
2024.84 , < 2025.88
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-02-12T22:10:33.107Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/12/16/4"
},
{
"url": "http://www.openwall.com/lists/oss-security/2025/12/17/1"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-14282",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-13T16:20:24.349443Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-13T16:20:35.533Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com/mkj/dropbear/",
"defaultStatus": "unaffected",
"packageName": "dropbear",
"product": "dropbear",
"vendor": "https://github.com/mkj/dropbear/",
"versions": [
{
"lessThan": "2025.88",
"status": "affected",
"version": "2024.84",
"versionType": "custom"
}
]
}
],
"datePublic": "2025-12-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Dropbear. When running in multi-user mode and authenticating users, the dropbear ssh server does the socket forwardings requested by the remote client as root,\nonly switching to the logged-in user upon spawning a shell or performing\nsome operations like reading the user\u0027s files.\nWith the recent ability of also using unix domain sockets as the forwarding destination any user able to log in via ssh can connect to any unix socket with the root\u0027s credentials, bypassing both file system restrictions and any SO_PEERCRED / SO_PASSCRED checks performed by the peer."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-18T20:45:49.221Z",
"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"shortName": "fedora"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2025-14282"
},
{
"name": "RHBZ#2420052",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2420052"
},
{
"url": "https://github.com/mkj/dropbear/pull/391"
},
{
"url": "https://github.com/mkj/dropbear/pull/394"
},
{
"url": "https://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2025q4/002390.html"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-08T16:46:48.481Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2025-12-16T00:00:00.000Z",
"value": "Made public."
}
],
"title": "Dropbear: privilege escalation via unix domain socket forwardings",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-266: Incorrect Privilege Assignment"
}
},
"cveMetadata": {
"assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"assignerShortName": "fedora",
"cveId": "CVE-2025-14282",
"datePublished": "2026-02-12T21:37:57.157Z",
"dateReserved": "2025-12-08T17:48:22.565Z",
"dateUpdated": "2026-02-18T20:45:49.221Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-14206 (GCVE-0-2025-14206)
Vulnerability from cvelistv5 – Published: 2025-12-08 00:02 – Updated: 2025-12-08 17:11 X_Freeware| URL | Tags |
|---|---|
| https://vuldb.com/?id.334649 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.334649 | signaturepermissions-required |
| https://vuldb.com/?submit.700465 | third-party-advisory |
| https://github.com/rassec2/dbcve/issues/8 | exploitissue-tracking |
| https://www.sourcecodester.com/ | product |
| Vendor | Product | Version | |
|---|---|---|---|
| SourceCodester | Online Student Clearance System |
Affected:
1.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-14206",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-08T17:01:31.744170Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-08T17:11:37.718Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Fee Table Handler"
],
"product": "Online Student Clearance System",
"vendor": "SourceCodester",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "yudeshui (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was determined in SourceCodester Online Student Clearance System 1.0. The affected element is an unknown function of the file /Admin/delete-fee.php of the component Fee Table Handler. Executing manipulation of the argument ID can lead to improper authorization. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.4,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-08T00:02:06.916Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-334649 | SourceCodester Online Student Clearance System Fee Table delete-fee.php improper authorization",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.334649"
},
{
"name": "VDB-334649 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.334649"
},
{
"name": "Submit #700465 | Sourcecodester Online Student Clearance System Project 1.0 /Admin/delete-fee.php Broken Access Control",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.700465"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/rassec2/dbcve/issues/8"
},
{
"tags": [
"product"
],
"url": "https://www.sourcecodester.com/"
}
],
"tags": [
"x_freeware"
],
"timeline": [
{
"lang": "en",
"time": "2025-12-07T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-12-07T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-12-07T09:07:24.000Z",
"value": "VulDB entry last update"
}
],
"title": "SourceCodester Online Student Clearance System Fee Table delete-fee.php improper authorization"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-14206",
"datePublished": "2025-12-08T00:02:06.916Z",
"dateReserved": "2025-12-07T08:02:14.254Z",
"dateUpdated": "2025-12-08T17:11:37.718Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-14089 (GCVE-0-2025-14089)
Vulnerability from cvelistv5 – Published: 2025-12-05 15:32 – Updated: 2025-12-05 16:47| URL | Tags |
|---|---|
| https://vuldb.com/?id.334479 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.334479 | signaturepermissions-required |
| https://vuldb.com/?submit.696049 | third-party-advisory |
| https://github.com/caigo8/CVE-md/blob/main/Boxwoo… | exploit |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-14089",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-05T16:04:58.182395Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-05T16:47:42.689Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"AdminActionViewSet"
],
"product": "ERP",
"vendor": "Himool",
"versions": [
{
"status": "affected",
"version": "2.0"
},
{
"status": "affected",
"version": "2.1"
},
{
"status": "affected",
"version": "2.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "alunxzhou (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was identified in Himool ERP up to 2.2. Affected by this issue is the function update_account of the file /api/admin/update_account/ of the component AdminActionViewSet. Such manipulation leads to improper authorization. The attack may be performed from remote. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-05T15:32:06.293Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-334479 | Himool ERP AdminActionViewSet update_account improper authorization",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.334479"
},
{
"name": "VDB-334479 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.334479"
},
{
"name": "Submit #696049 | https://gitee.com/himool/erp Himool ERP 2.2 Missing Authentication for Critical Function",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.696049"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/caigo8/CVE-md/blob/main/BoxwoodERP/%E6%9C%AA%E6%8E%88%E6%9D%83%E8%AE%BF%E9%97%AE.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-05T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-12-05T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-12-05T09:50:30.000Z",
"value": "VulDB entry last update"
}
],
"title": "Himool ERP AdminActionViewSet update_account improper authorization"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-14089",
"datePublished": "2025-12-05T15:32:06.293Z",
"dateReserved": "2025-12-05T08:45:20.357Z",
"dateUpdated": "2025-12-05T16:47:42.689Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation MIT-1
Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.
Mitigation MIT-17
Strategy: Environment Hardening
Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.
No CAPEC attack patterns related to this CWE.