CWE-287
DiscouragedImproper Authentication
Abstraction: Class · Status: Draft
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
5978 vulnerabilities reference this CWE, most recent first.
CVE-2025-24894 (GCVE-0-2025-24894)
Vulnerability from cvelistv5 – Published: 2025-02-18 18:39 – Updated: 2025-02-18 19:46- CWE-287 - Improper Authentication
| URL | Tags |
|---|---|
| https://github.com/italia/spid-aspnetcore/securit… | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| italia | spid-aspnetcore |
Affected:
< 3.4.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-24894",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-18T19:42:44.965339Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-18T19:46:06.822Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "spid-aspnetcore",
"vendor": "italia",
"versions": [
{
"status": "affected",
"version": "\u003c 3.4.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SPID.AspNetCore.Authentication is an AspNetCore Remote Authenticator for SPID. Authentication using Spid and CIE is based on the SAML2 standard which provides two entities: Identity Provider (IDP): the system that authenticates users and provides identity information (SAML affirmation) to the Service Provider, in essence, is responsible for the management of the credentials and identity of users; Service Provider (SP): the system that provides a service to the user and relies on the Identity Provider to authenticate the user, receives SAML assertions from the IdP to grant access to resources. The validation logic of the signature is central as it ensures that you cannot create a SAML response with arbitrary assertions and then impersonate other users. There is no guarantee that the first signature refers to the root object, it follows that if an attacker injects an item signed as the first element, all other signatures will not be verified. The only requirement is to have an XML element legitimately signed by the IdP, a condition that is easily met using the IdP\u0027s public metadata. An attacker could create an arbitrary SAML response that would be accepted by SPs using vulnerable SDKs, allowing him to impersonate any Spid and/or CIE user. This vulnerability has been addressed in version 3.4.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-18T18:39:37.089Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/italia/spid-aspnetcore/security/advisories/GHSA-36h8-r92j-w9vw",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/italia/spid-aspnetcore/security/advisories/GHSA-36h8-r92j-w9vw"
}
],
"source": {
"advisory": "GHSA-36h8-r92j-w9vw",
"discovery": "UNKNOWN"
},
"title": "SAML Response Signature Verification Bypass in SPID.AspNetCore.Authentication"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-24894",
"datePublished": "2025-02-18T18:39:37.089Z",
"dateReserved": "2025-01-27T15:32:29.451Z",
"dateUpdated": "2025-02-18T19:46:06.822Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-24032 (GCVE-0-2025-24032)
Vulnerability from cvelistv5 – Published: 2025-02-10 15:43 – Updated: 2025-05-21 15:48- CWE-287 - Improper Authentication
| URL | Tags |
|---|---|
| https://github.com/OpenSC/pam_pkcs11/security/adv… | x_refsource_CONFIRM |
| https://github.com/OpenSC/pam_pkcs11/commit/47026… | x_refsource_MISC |
| https://github.com/OpenSC/pam_pkcs11/commit/b665b… | x_refsource_MISC |
| https://github.com/OpenSC/pam_pkcs11/commit/d9530… | x_refsource_MISC |
| https://github.com/OpenSC/pam_pkcs11/releases/tag… | x_refsource_MISC |
| https://lists.debian.org/debian-lts-announce/2025… | |
| https://www.vicarius.io/vsociety/posts/cve-2025-2… | |
| https://www.vicarius.io/vsociety/posts/cve-2025-2… |
| Vendor | Product | Version | |
|---|---|---|---|
| OpenSC | pam_pkcs11 |
Affected:
< 0.6.13
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-24032",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-10T16:20:48.577434Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T15:45:25.238Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-05-21T15:48:59.150Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00021.html"
},
{
"url": "https://www.vicarius.io/vsociety/posts/cve-2025-24032-detect-vulnerability-in-linux-pam-module"
},
{
"url": "https://www.vicarius.io/vsociety/posts/cve-2025-24032-mitigate-linux-pam-module-vulnerability"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
}
],
"cna": {
"affected": [
{
"product": "pam_pkcs11",
"vendor": "OpenSC",
"versions": [
{
"status": "affected",
"version": "\u003c 0.6.13"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "PAM-PKCS#11 is a Linux-PAM login module that allows a X.509 certificate based user login. Prior to version 0.6.13, if cert_policy is set to none (the default value), then pam_pkcs11 will only check if the user is capable of logging into the token. An attacker may create a different token with the user\u0027s public data (e.g. the user\u0027s certificate) and a PIN known to the attacker. If no signature with the private key is required, then the attacker may now login as user with that created token. The default to *not* check the private key\u0027s signature has been changed with commit commi6638576892b59a99389043c90a1e7dd4d783b921, so that all versions starting with pam_pkcs11-0.6.0 should be affected. As a workaround, in `pam_pkcs11.conf`, set at least `cert_policy = signature;`."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 9.2,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:L/SC:L/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-10T15:43:47.166Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/OpenSC/pam_pkcs11/security/advisories/GHSA-8r8p-7mgp-vf56",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OpenSC/pam_pkcs11/security/advisories/GHSA-8r8p-7mgp-vf56"
},
{
"name": "https://github.com/OpenSC/pam_pkcs11/commit/470263258d1ac59c5eade439c4d9caba0097e6e6",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenSC/pam_pkcs11/commit/470263258d1ac59c5eade439c4d9caba0097e6e6"
},
{
"name": "https://github.com/OpenSC/pam_pkcs11/commit/b665b287ff955bbbd9539252ff9f9e2754c3fb48",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenSC/pam_pkcs11/commit/b665b287ff955bbbd9539252ff9f9e2754c3fb48"
},
{
"name": "https://github.com/OpenSC/pam_pkcs11/commit/d9530167966a77115db6e885d459382a2e52ee9e",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenSC/pam_pkcs11/commit/d9530167966a77115db6e885d459382a2e52ee9e"
},
{
"name": "https://github.com/OpenSC/pam_pkcs11/releases/tag/pam_pkcs11-0.6.13",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenSC/pam_pkcs11/releases/tag/pam_pkcs11-0.6.13"
}
],
"source": {
"advisory": "GHSA-8r8p-7mgp-vf56",
"discovery": "UNKNOWN"
},
"title": "PAM-PKCS#11 vulnerable to authentication bypass with default value for `cert_policy` (`none`)"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-24032",
"datePublished": "2025-02-10T15:43:47.166Z",
"dateReserved": "2025-01-16T17:31:06.460Z",
"dateUpdated": "2025-05-21T15:48:59.150Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-22477 (GCVE-0-2025-22477)
Vulnerability from cvelistv5 – Published: 2025-05-06 16:03 – Updated: 2026-02-26 18:28- CWE-287 - Improper Authentication
| URL | Tags |
|---|---|
| https://www.dell.com/support/kbdoc/en-us/00031731… | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Dell | Dell Storage Center - Dell Storage Manager |
Affected:
N/A , < 2020 R1.21
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-22477",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T03:56:13.261184Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T18:28:52.103Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Dell Storage Center - Dell Storage Manager",
"vendor": "Dell",
"versions": [
{
"lessThan": "2020 R1.21",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dell would like to thank sradulea or reporting this issue."
}
],
"datePublic": "2025-05-05T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Dell Storage Center - Dell Storage Manager, version(s) 20.1.20, contain(s) an Improper Authentication vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Elevation of privileges.\u003cbr\u003e"
}
],
"value": "Dell Storage Center - Dell Storage Manager, version(s) 20.1.20, contain(s) an Improper Authentication vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Elevation of privileges."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-06T16:03:29.485Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000317318/dsa-2025-191-security-update-for-storage-center-dell-storage-manager-vulnerabilities"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2025-22477",
"datePublished": "2025-05-06T16:03:29.485Z",
"dateReserved": "2025-01-07T06:04:12.135Z",
"dateUpdated": "2026-02-26T18:28:52.103Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-22375 (GCVE-0-2025-22375)
Vulnerability from cvelistv5 – Published: 2025-04-10 11:02 – Updated: 2025-04-10 13:18- CWE-287 - Improper Authentication
| URL | Tags |
|---|---|
| https://csirt.divd.nl/CVE-2025-22375 | third-party-advisory |
| https://csirt.divd.nl/DIVD-2024-00043/ | third-party-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Videx Inc. | CyberAudit-Web |
Affected:
<= 9.5
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-22375",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-10T13:09:37.581013Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-10T13:18:18.627Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CyberAudit-Web",
"vendor": "Videx Inc.",
"versions": [
{
"status": "affected",
"version": "\u003c= 9.5"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Hidde Smit (DIVD)"
},
{
"lang": "en",
"type": "finder",
"value": "Wietse Boonstra (DIVD)"
},
{
"lang": "en",
"type": "analyst",
"value": "Max van der Horst (DIVD)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn authentication bypass vulnerability was found in Videx\u0027s CyberAudit-Web. Through the exploitation of a logic flaw, an attacker could create a valid session without any credentials. This vulnerability has been patched in versions later than 9.5 and a patch has been made available to all instances of CyberAudit-Web, including the versions that are End of Maintenance (EOM). Anyone that requires support with the resolution of this issue can contact support@videx.com for assistance.\u003c/p\u003e"
}
],
"value": "An authentication bypass vulnerability was found in Videx\u0027s CyberAudit-Web. Through the exploitation of a logic flaw, an attacker could create a valid session without any credentials. This vulnerability has been patched in versions later than 9.5\u00a0and a patch has been made available to all instances of CyberAudit-Web, including the versions that are End of Maintenance (EOM). Anyone that requires support with the resolution of this issue can contact support@videx.com for assistance."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "AUTOMATIC",
"Safety": "NEGLIGIBLE",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "GREEN",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/S:N/AU:Y/R:A/V:D/RE:L/U:Green",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "LOW"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-10T11:02:46.646Z",
"orgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
"shortName": "DIVD"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://csirt.divd.nl/CVE-2025-22375"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://csirt.divd.nl/DIVD-2024-00043/"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Authentication Bypass in CyberAudit-Web",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
"assignerShortName": "DIVD",
"cveId": "CVE-2025-22375",
"datePublished": "2025-04-10T11:02:46.646Z",
"dateReserved": "2025-01-03T14:56:05.687Z",
"dateUpdated": "2025-04-10T13:18:18.627Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-22232 (GCVE-0-2025-22232)
Vulnerability from cvelistv5 – Published: 2025-04-10 17:26 – Updated: 2025-04-10 18:08- CWE-287 - Improper Authentication
| Vendor | Product | Version | |
|---|---|---|---|
| Spring | Spring Cloud Config |
Affected:
4.2.x , < 4.2.2
(custom)
Affected: 4.1.x , < 4.1.6 (custom) Affected: 4.0.x , < 4.0.10 (custom) Affected: 3.1.x , < 3.1.10 (custom) Affected: 3.0.x , < 4.1.6 (custom) Affected: 2.2.x , < 4.1.6 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-22232",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-10T18:08:12.310467Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-10T18:08:28.560Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Spring Cloud Config",
"vendor": "Spring",
"versions": [
{
"lessThan": "4.2.2",
"status": "affected",
"version": "4.2.x",
"versionType": "custom"
},
{
"lessThan": "4.1.6",
"status": "affected",
"version": "4.1.x",
"versionType": "custom"
},
{
"lessThan": "4.0.10",
"status": "affected",
"version": "4.0.x",
"versionType": "custom"
},
{
"lessThan": "3.1.10",
"status": "affected",
"version": "3.1.x",
"versionType": "custom"
},
{
"lessThan": "4.1.6",
"status": "affected",
"version": "3.0.x",
"versionType": "custom"
},
{
"lessThan": "4.1.6",
"status": "affected",
"version": "2.2.x",
"versionType": "custom"
}
]
}
],
"datePublic": "2025-04-07T16:40:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Spring Cloud Config Server may not use Vault token sent by clients using a \u003ccode\u003eX-CONFIG-TOKEN\u003c/code\u003e\u0026nbsp;header when making requests to Vault.\u003cbr\u003eYour application may be affected by this if the following are true:\u003cbr\u003e\u003col\u003e\u003cli\u003eYou have Spring Vault on the classpath of your Spring Cloud Config Server and\u003c/li\u003e\u003cli\u003eYou are using the \u003ccode\u003eX-CONFIG-TOKEN\u003c/code\u003e\u0026nbsp;header to send a Vault token to the Spring Cloud Config Server for the Config Server to use when making requests to Vault and\u003c/li\u003e\u003cli\u003eYou are using the default Spring Vault \u003ccode\u003eSessionManager\u003c/code\u003e\u0026nbsp;implementation \u003ccode\u003eLifecycleAwareSessionManager\u003c/code\u003e\u0026nbsp;or a \u003ccode\u003eSessionManager\u003c/code\u003e\u0026nbsp;implementation that persists the Vault token such as \u003ccode\u003eSimpleSessionManager\u003c/code\u003e.\u003c/li\u003e\u003c/ol\u003e\u003cbr\u003eIn this case the \u003ccode\u003eSessionManager\u003c/code\u003e\u0026nbsp;persists the first token it retrieves and will continue to use that token even if client requests to the Spring Cloud Config Server include a \u003ccode\u003eX-CONFIG-TOKEN\u003c/code\u003e\u0026nbsp;header with a different value.\u003cbr\u003eAffected Spring Products and Versions\u003cbr\u003eSpring Cloud Config:\u003cbr\u003e\u003cul\u003e\u003cli\u003e2.2.1.RELEASE - 4.2.1\u003c/li\u003e\u003c/ul\u003eMitigation\u003cbr\u003eUsers of affected versions should upgrade to the corresponding fixed version.\u003cbr\u003e\u003cbr\u003e\u003ctable\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eAffected version(s)\u003c/th\u003e\u003cth\u003eFix version\u003c/th\u003e\u003cth\u003eAvailability\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e4.2.x\u003c/td\u003e\u003ctd\u003e4.2.2\u003c/td\u003e\u003ctd\u003eOSS\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e4.1.x\u003c/td\u003e\u003ctd\u003e4.1.6\u003c/td\u003e\u003ctd\u003eOSS\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e4.0.x\u003c/td\u003e\u003ctd\u003e4.0.10\u003c/td\u003e\u003ctd\u003eCommercial\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e3.1.x\u003c/td\u003e\u003ctd\u003e3.1.10\u003c/td\u003e\u003ctd\u003eCommercial\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e3.0.x\u003c/td\u003e\u003ctd\u003e4.1.6\u003c/td\u003e\u003ctd\u003eOSS\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e2.2.x\u003c/td\u003e\u003ctd\u003e4.1.6\u003c/td\u003e\u003ctd\u003eOSS\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cbr\u003eNOTE: Spring Cloud Config 3.0.x and 2.2.x are no longer under open source or commercial support. Users of these versions are encouraged to upgrade to a supported version.\u003cbr\u003e\u003cbr\u003eNo other mitigation steps are necessary.\u003cbr\u003e"
}
],
"value": "Spring Cloud Config Server may not use Vault token sent by clients using a X-CONFIG-TOKEN\u00a0header when making requests to Vault.\nYour application may be affected by this if the following are true:\n * You have Spring Vault on the classpath of your Spring Cloud Config Server and\n * You are using the X-CONFIG-TOKEN\u00a0header to send a Vault token to the Spring Cloud Config Server for the Config Server to use when making requests to Vault and\n * You are using the default Spring Vault SessionManager\u00a0implementation LifecycleAwareSessionManager\u00a0or a SessionManager\u00a0implementation that persists the Vault token such as SimpleSessionManager.\n\nIn this case the SessionManager\u00a0persists the first token it retrieves and will continue to use that token even if client requests to the Spring Cloud Config Server include a X-CONFIG-TOKEN\u00a0header with a different value.\nAffected Spring Products and Versions\nSpring Cloud Config:\n * 2.2.1.RELEASE - 4.2.1\n\n\nMitigation\nUsers of affected versions should upgrade to the corresponding fixed version.\n\nAffected version(s)Fix versionAvailability4.2.x4.2.2OSS4.1.x4.1.6OSS4.0.x4.0.10Commercial3.1.x3.1.10Commercial3.0.x4.1.6OSS2.2.x4.1.6OSS\nNOTE: Spring Cloud Config 3.0.x and 2.2.x are no longer under open source or commercial support. Users of these versions are encouraged to upgrade to a supported version.\n\nNo other mitigation steps are necessary."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-10T17:26:56.755Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://spring.io/security/cve-2025-22232"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Spring Cloud Config Server May Not Use Vault Token Sent By Clients",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIf you cannot upgrade, then you can either:\u003c/p\u003e\u003col\u003e\u003cli\u003eRemove Spring Vault from the classpath if it is not needed or\u003c/li\u003e\u003cli\u003eImplement your own \u003ccode\u003eSessionManager\u003c/code\u003e\u0026nbsp;that does not persist the Vault token and provide a bean using that implementation in a \u003ccode\u003e@Configuration\u003c/code\u003e\u0026nbsp;class. For example:\u003c/li\u003e\u003c/ol\u003e\u003cbr\u003e\u003ctt\u003e\u003cbr\u003epublic class StatelessSessionManager implements SessionManager {\u003cbr\u003e\u003cbr\u003e\u0026nbsp; private final ClientAuthentication clientAuthentication;\u003cbr\u003e\u003cbr\u003e\u0026nbsp; private final ReentrantLock lock = new ReentrantLock();\u003cbr\u003e\u003cbr\u003e\u0026nbsp; public StatelessSessionManager(ClientAuthentication clientAuthentication) {\u003cbr\u003e\u0026nbsp; \u0026nbsp; Assert.notNull(clientAuthentication, \"ClientAuthentication must not be null\");\u003cbr\u003e\u0026nbsp; \u0026nbsp; this.clientAuthentication = clientAuthentication;\u003cbr\u003e\u0026nbsp; }\u003cbr\u003e\u003cbr\u003e\u0026nbsp; public VaultToken getSessionToken() {\u003cbr\u003e\u0026nbsp; \u0026nbsp; this.lock.lock();\u003cbr\u003e\u0026nbsp; \u0026nbsp; try {\u003cbr\u003e\u0026nbsp; \u0026nbsp; \u0026nbsp; return this.clientAuthentication.login();\u003cbr\u003e\u0026nbsp; \u0026nbsp; }\u003cbr\u003e\u0026nbsp; \u0026nbsp; finally {\u003cbr\u003e\u0026nbsp; \u0026nbsp; \u0026nbsp; this.lock.unlock();\u003cbr\u003e\u0026nbsp; \u0026nbsp; }\u003cbr\u003e\u0026nbsp; }\u003cbr\u003e\u003cbr\u003e}\u003cbr\u003e\u003cbr\u003e@Configuration\u003cbr\u003epublic class MySessionManagerConfiguration extends SpringVaultClientConfiguration {\u003cbr\u003e\u003cbr\u003e\u0026nbsp; private final VaultEnvironmentProperties vaultProperties;\u003cbr\u003e\u003cbr\u003e\u0026nbsp; public MySessionManagerConfiguration(VaultEnvironmentProperties vaultProperties, ConfigTokenProvider configTokenProvider, List\u0026lt;springvaultclientauthenticationprovider\u0026gt; authProviders) {\u003cbr\u003e\u0026nbsp; \u0026nbsp; super(vaultProperties, configTokenProvider, authProviders);\u003cbr\u003e\u0026nbsp; \u0026nbsp; this.vaultProperties = vaultProperties;\u003cbr\u003e\u0026nbsp; }\u003cbr\u003e\u003cbr\u003e\u0026nbsp; @Bean\u003cbr\u003e\u0026nbsp; @Primary\u003cbr\u003e\u0026nbsp; public SessionManager sessionManager() {\u003cbr\u003e\u0026nbsp; \u0026nbsp; if (vaultProperties.getAuthentication() == null \u0026amp;\u0026amp; !StringUtils.hasText(vaultProperties.getToken())) {\u003cbr\u003e\u0026nbsp; \u0026nbsp; \u0026nbsp; return new StatelessSessionManager(clientAuthentication());\u003cbr\u003e\u0026nbsp; \u0026nbsp; }\u003cbr\u003e\u0026nbsp; \u0026nbsp; return super.sessionManager();\u003cbr\u003e\u0026nbsp; }\u003cbr\u003e}\u003cbr\u003e\u0026lt;/springvaultclientauthenticationprovider\u0026gt;\u003cbr\u003e\u003c/tt\u003e\u003cbr\u003e"
}
],
"value": "If you cannot upgrade, then you can either:\n\n * Remove Spring Vault from the classpath if it is not needed or\n * Implement your own SessionManager\u00a0that does not persist the Vault token and provide a bean using that implementation in a @Configuration\u00a0class. For example:\n\n\npublic class StatelessSessionManager implements SessionManager {\n\n\u00a0 private final ClientAuthentication clientAuthentication;\n\n\u00a0 private final ReentrantLock lock = new ReentrantLock();\n\n\u00a0 public StatelessSessionManager(ClientAuthentication clientAuthentication) {\n\u00a0 \u00a0 Assert.notNull(clientAuthentication, \"ClientAuthentication must not be null\");\n\u00a0 \u00a0 this.clientAuthentication = clientAuthentication;\n\u00a0 }\n\n\u00a0 public VaultToken getSessionToken() {\n\u00a0 \u00a0 this.lock.lock();\n\u00a0 \u00a0 try {\n\u00a0 \u00a0 \u00a0 return this.clientAuthentication.login();\n\u00a0 \u00a0 }\n\u00a0 \u00a0 finally {\n\u00a0 \u00a0 \u00a0 this.lock.unlock();\n\u00a0 \u00a0 }\n\u00a0 }\n\n}\n\n@Configuration\npublic class MySessionManagerConfiguration extends SpringVaultClientConfiguration {\n\n\u00a0 private final VaultEnvironmentProperties vaultProperties;\n\n\u00a0 public MySessionManagerConfiguration(VaultEnvironmentProperties vaultProperties, ConfigTokenProvider configTokenProvider, List\u003cspringvaultclientauthenticationprovider\u003e authProviders) {\n\u00a0 \u00a0 super(vaultProperties, configTokenProvider, authProviders);\n\u00a0 \u00a0 this.vaultProperties = vaultProperties;\n\u00a0 }\n\n\u00a0 @Bean\n\u00a0 @Primary\n\u00a0 public SessionManager sessionManager() {\n\u00a0 \u00a0 if (vaultProperties.getAuthentication() == null \u0026\u0026 !StringUtils.hasText(vaultProperties.getToken())) {\n\u00a0 \u00a0 \u00a0 return new StatelessSessionManager(clientAuthentication());\n\u00a0 \u00a0 }\n\u00a0 \u00a0 return super.sessionManager();\n\u00a0 }\n}\n\u003c/springvaultclientauthenticationprovider\u003e"
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2025-22232",
"datePublished": "2025-04-10T17:26:56.755Z",
"dateReserved": "2025-01-02T04:29:59.191Z",
"dateUpdated": "2025-04-10T18:08:28.560Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-22146 (GCVE-0-2025-22146)
Vulnerability from cvelistv5 – Published: 2025-01-15 19:57 – Updated: 2025-01-15 20:44- CWE-287 - Improper Authentication
| URL | Tags |
|---|---|
| https://github.com/getsentry/sentry/security/advi… | x_refsource_CONFIRM |
| https://github.com/getsentry/sentry/pull/83407 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-22146",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-15T20:44:21.092928Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-15T20:44:47.931Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "sentry",
"vendor": "getsentry",
"versions": [
{
"status": "affected",
"version": "\u003e= 21.12.0, \u003c 25.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sentry is a developer-first error tracking and performance monitoring tool. A critical vulnerability was discovered in the SAML SSO implementation of Sentry. It was reported to us via our private bug bounty program. The vulnerability allows an attacker to take over any user account by using a malicious SAML Identity Provider and another organization on the same Sentry instance. The victim email address must be known in order to exploit this vulnerability. The Sentry SaaS fix was deployed on Jan 14, 2025. For self hosted users; if only a single organization is allowed `(SENTRY_SINGLE_ORGANIZATION = True)`, then no action is needed. Otherwise, users should upgrade to version 25.1.0 or higher. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-15T19:57:59.734Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/getsentry/sentry/security/advisories/GHSA-7pq6-v88g-wf3w",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/getsentry/sentry/security/advisories/GHSA-7pq6-v88g-wf3w"
},
{
"name": "https://github.com/getsentry/sentry/pull/83407",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/getsentry/sentry/pull/83407"
}
],
"source": {
"advisory": "GHSA-7pq6-v88g-wf3w",
"discovery": "UNKNOWN"
},
"title": "Improper authentication on SAML SSO process allows user impersonation in sentry"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-22146",
"datePublished": "2025-01-15T19:57:59.734Z",
"dateReserved": "2024-12-30T03:00:33.654Z",
"dateUpdated": "2025-01-15T20:44:47.931Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-21618 (GCVE-0-2025-21618)
Vulnerability from cvelistv5 – Published: 2025-01-06 16:30 – Updated: 2025-01-06 16:47- CWE-287 - Improper Authentication
| URL | Tags |
|---|---|
| https://github.com/zauberzeug/nicegui/security/ad… | x_refsource_CONFIRM |
| https://github.com/zauberzeug/nicegui/commit/1621… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| zauberzeug | nicegui |
Affected:
< 2.9.1
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-21618",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-06T16:47:23.140252Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-06T16:47:43.489Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "nicegui",
"vendor": "zauberzeug",
"versions": [
{
"status": "affected",
"version": "\u003c 2.9.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "NiceGUI is an easy-to-use, Python-based UI framework. Prior to 2.9.1, authenticating with NiceGUI logged in the user for all browsers, including browsers in incognito mode. This vulnerability is fixed in 2.9.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-06T16:30:11.349Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/zauberzeug/nicegui/security/advisories/GHSA-v6jv-p6r8-j78w",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/zauberzeug/nicegui/security/advisories/GHSA-v6jv-p6r8-j78w"
},
{
"name": "https://github.com/zauberzeug/nicegui/commit/1621a4ba6a06676b8094362d36623551e651adc1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zauberzeug/nicegui/commit/1621a4ba6a06676b8094362d36623551e651adc1"
}
],
"source": {
"advisory": "GHSA-v6jv-p6r8-j78w",
"discovery": "UNKNOWN"
},
"title": "NiceGUI On Air authentication issue"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-21618",
"datePublished": "2025-01-06T16:30:11.349Z",
"dateReserved": "2024-12-29T03:00:24.714Z",
"dateUpdated": "2025-01-06T16:47:43.489Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-21450 (GCVE-0-2025-21450)
Vulnerability from cvelistv5 – Published: 2025-07-08 12:49 – Updated: 2025-07-08 14:22- CWE-287 - Improper Authentication
| Vendor | Product | Version | |
|---|---|---|---|
| Qualcomm, Inc. | Snapdragon |
Affected:
AR8035
Affected: FastConnect 6200 Affected: FastConnect 6700 Affected: FastConnect 6900 Affected: FastConnect 7800 Affected: QCA6174A Affected: QCA6391 Affected: QCA6574A Affected: QCA6574AU Affected: QCA6584AU Affected: QCA6595AU Affected: QCA6678AQ Affected: QCA6688AQ Affected: QCA6696 Affected: QCA6698AQ Affected: QCA6698AU Affected: QCA6797AQ Affected: QCA8081 Affected: QCA8337 Affected: QCC710 Affected: QCM4490 Affected: QCM5430 Affected: QCM6490 Affected: QCM8550 Affected: QCN6024 Affected: QCN6224 Affected: QCN6274 Affected: QCN9011 Affected: QCN9012 Affected: QCN9024 Affected: QCS4490 Affected: QCS5430 Affected: QCS6490 Affected: QCS8550 Affected: QEP8111 Affected: QFW7114 Affected: QFW7124 Affected: Qualcomm Video Collaboration VC3 Platform Affected: SD 8 Gen1 5G Affected: SDX55 Affected: SDX61 Affected: SDX80M Affected: SG8275P Affected: SM4635 Affected: SM6370 Affected: SM6650 Affected: SM6650P Affected: SM7325P Affected: SM7635 Affected: SM7635P Affected: SM7675 Affected: SM7675P Affected: SM8635 Affected: SM8635P Affected: SM8650Q Affected: SM8750 Affected: SM8750P Affected: Snapdragon 4 Gen 1 Mobile Platform Affected: Snapdragon 480 5G Mobile Platform Affected: Snapdragon 480+ 5G Mobile Platform (SM4350-AC) Affected: Snapdragon 695 5G Mobile Platform Affected: Snapdragon 778G 5G Mobile Platform Affected: Snapdragon 778G+ 5G Mobile Platform (SM7325-AE) Affected: Snapdragon 782G Mobile Platform (SM7325-AF) Affected: Snapdragon 7c+ Gen 3 Compute Affected: Snapdragon 8 Gen 1 Mobile Platform Affected: Snapdragon 8 Gen 3 Mobile Platform Affected: Snapdragon 8+ Gen 1 Mobile Platform Affected: Snapdragon 888 5G Mobile Platform Affected: Snapdragon 888+ 5G Mobile Platform (SM8350-AC) Affected: Snapdragon Auto 5G Modem-RF Affected: Snapdragon Auto 5G Modem-RF Gen 2 Affected: Snapdragon W5+ Gen 1 Wearable Platform Affected: Snapdragon X32 5G Modem-RF System Affected: Snapdragon X35 5G Modem-RF System Affected: Snapdragon X62 5G Modem-RF System Affected: Snapdragon X65 5G Modem-RF System Affected: Snapdragon X72 5G Modem-RF System Affected: Snapdragon X75 5G Modem-RF System Affected: SW5100 Affected: SW5100P Affected: WCD9340 Affected: WCD9360 Affected: WCD9370 Affected: WCD9375 Affected: WCD9378 Affected: WCD9380 Affected: WCD9385 Affected: WCD9390 Affected: WCD9395 Affected: WCN3950 Affected: WCN3980 Affected: WCN3988 Affected: WCN6450 Affected: WCN6650 Affected: WCN6755 Affected: WCN7860 Affected: WCN7861 Affected: WCN7880 Affected: WCN7881 Affected: WSA8810 Affected: WSA8815 Affected: WSA8830 Affected: WSA8832 Affected: WSA8835 Affected: WSA8840 Affected: WSA8845 Affected: WSA8845H |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-21450",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-08T14:22:19.988462Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-08T14:22:55.070Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Snapdragon Auto",
"Snapdragon Compute",
"Snapdragon Consumer IOT",
"Snapdragon Industrial IOT",
"Snapdragon MDM",
"Snapdragon Mobile",
"Snapdragon WBC",
"Snapdragon Wearables"
],
"product": "Snapdragon",
"vendor": "Qualcomm, Inc.",
"versions": [
{
"status": "affected",
"version": "AR8035"
},
{
"status": "affected",
"version": "FastConnect 6200"
},
{
"status": "affected",
"version": "FastConnect 6700"
},
{
"status": "affected",
"version": "FastConnect 6900"
},
{
"status": "affected",
"version": "FastConnect 7800"
},
{
"status": "affected",
"version": "QCA6174A"
},
{
"status": "affected",
"version": "QCA6391"
},
{
"status": "affected",
"version": "QCA6574A"
},
{
"status": "affected",
"version": "QCA6574AU"
},
{
"status": "affected",
"version": "QCA6584AU"
},
{
"status": "affected",
"version": "QCA6595AU"
},
{
"status": "affected",
"version": "QCA6678AQ"
},
{
"status": "affected",
"version": "QCA6688AQ"
},
{
"status": "affected",
"version": "QCA6696"
},
{
"status": "affected",
"version": "QCA6698AQ"
},
{
"status": "affected",
"version": "QCA6698AU"
},
{
"status": "affected",
"version": "QCA6797AQ"
},
{
"status": "affected",
"version": "QCA8081"
},
{
"status": "affected",
"version": "QCA8337"
},
{
"status": "affected",
"version": "QCC710"
},
{
"status": "affected",
"version": "QCM4490"
},
{
"status": "affected",
"version": "QCM5430"
},
{
"status": "affected",
"version": "QCM6490"
},
{
"status": "affected",
"version": "QCM8550"
},
{
"status": "affected",
"version": "QCN6024"
},
{
"status": "affected",
"version": "QCN6224"
},
{
"status": "affected",
"version": "QCN6274"
},
{
"status": "affected",
"version": "QCN9011"
},
{
"status": "affected",
"version": "QCN9012"
},
{
"status": "affected",
"version": "QCN9024"
},
{
"status": "affected",
"version": "QCS4490"
},
{
"status": "affected",
"version": "QCS5430"
},
{
"status": "affected",
"version": "QCS6490"
},
{
"status": "affected",
"version": "QCS8550"
},
{
"status": "affected",
"version": "QEP8111"
},
{
"status": "affected",
"version": "QFW7114"
},
{
"status": "affected",
"version": "QFW7124"
},
{
"status": "affected",
"version": "Qualcomm Video Collaboration VC3 Platform"
},
{
"status": "affected",
"version": "SD 8 Gen1 5G"
},
{
"status": "affected",
"version": "SDX55"
},
{
"status": "affected",
"version": "SDX61"
},
{
"status": "affected",
"version": "SDX80M"
},
{
"status": "affected",
"version": "SG8275P"
},
{
"status": "affected",
"version": "SM4635"
},
{
"status": "affected",
"version": "SM6370"
},
{
"status": "affected",
"version": "SM6650"
},
{
"status": "affected",
"version": "SM6650P"
},
{
"status": "affected",
"version": "SM7325P"
},
{
"status": "affected",
"version": "SM7635"
},
{
"status": "affected",
"version": "SM7635P"
},
{
"status": "affected",
"version": "SM7675"
},
{
"status": "affected",
"version": "SM7675P"
},
{
"status": "affected",
"version": "SM8635"
},
{
"status": "affected",
"version": "SM8635P"
},
{
"status": "affected",
"version": "SM8650Q"
},
{
"status": "affected",
"version": "SM8750"
},
{
"status": "affected",
"version": "SM8750P"
},
{
"status": "affected",
"version": "Snapdragon 4 Gen 1 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 480 5G Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 480+ 5G Mobile Platform (SM4350-AC)"
},
{
"status": "affected",
"version": "Snapdragon 695 5G Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 778G 5G Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 778G+ 5G Mobile Platform (SM7325-AE)"
},
{
"status": "affected",
"version": "Snapdragon 782G Mobile Platform (SM7325-AF)"
},
{
"status": "affected",
"version": "Snapdragon 7c+ Gen 3 Compute"
},
{
"status": "affected",
"version": "Snapdragon 8 Gen 1 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 8 Gen 3 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 8+ Gen 1 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 888 5G Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 888+ 5G Mobile Platform (SM8350-AC)"
},
{
"status": "affected",
"version": "Snapdragon Auto 5G Modem-RF"
},
{
"status": "affected",
"version": "Snapdragon Auto 5G Modem-RF Gen 2"
},
{
"status": "affected",
"version": "Snapdragon W5+ Gen 1 Wearable Platform"
},
{
"status": "affected",
"version": "Snapdragon X32 5G Modem-RF System"
},
{
"status": "affected",
"version": "Snapdragon X35 5G Modem-RF System"
},
{
"status": "affected",
"version": "Snapdragon X62 5G Modem-RF System"
},
{
"status": "affected",
"version": "Snapdragon X65 5G Modem-RF System"
},
{
"status": "affected",
"version": "Snapdragon X72 5G Modem-RF System"
},
{
"status": "affected",
"version": "Snapdragon X75 5G Modem-RF System"
},
{
"status": "affected",
"version": "SW5100"
},
{
"status": "affected",
"version": "SW5100P"
},
{
"status": "affected",
"version": "WCD9340"
},
{
"status": "affected",
"version": "WCD9360"
},
{
"status": "affected",
"version": "WCD9370"
},
{
"status": "affected",
"version": "WCD9375"
},
{
"status": "affected",
"version": "WCD9378"
},
{
"status": "affected",
"version": "WCD9380"
},
{
"status": "affected",
"version": "WCD9385"
},
{
"status": "affected",
"version": "WCD9390"
},
{
"status": "affected",
"version": "WCD9395"
},
{
"status": "affected",
"version": "WCN3950"
},
{
"status": "affected",
"version": "WCN3980"
},
{
"status": "affected",
"version": "WCN3988"
},
{
"status": "affected",
"version": "WCN6450"
},
{
"status": "affected",
"version": "WCN6650"
},
{
"status": "affected",
"version": "WCN6755"
},
{
"status": "affected",
"version": "WCN7860"
},
{
"status": "affected",
"version": "WCN7861"
},
{
"status": "affected",
"version": "WCN7880"
},
{
"status": "affected",
"version": "WCN7881"
},
{
"status": "affected",
"version": "WSA8810"
},
{
"status": "affected",
"version": "WSA8815"
},
{
"status": "affected",
"version": "WSA8830"
},
{
"status": "affected",
"version": "WSA8832"
},
{
"status": "affected",
"version": "WSA8835"
},
{
"status": "affected",
"version": "WSA8840"
},
{
"status": "affected",
"version": "WSA8845"
},
{
"status": "affected",
"version": "WSA8845H"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cryptographic issue occurs due to use of insecure connection method while downloading."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-08T12:49:00.452Z",
"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"shortName": "qualcomm"
},
"references": [
{
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/july-2025-bulletin.html"
}
],
"title": "Improper Authentication in GPS_GNSS"
}
},
"cveMetadata": {
"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"assignerShortName": "qualcomm",
"cveId": "CVE-2025-21450",
"datePublished": "2025-07-08T12:49:00.452Z",
"dateReserved": "2024-12-18T09:50:08.923Z",
"dateUpdated": "2025-07-08T14:22:55.070Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-21349 (GCVE-0-2025-21349)
Vulnerability from cvelistv5 – Published: 2025-02-11 17:58 – Updated: 2026-02-26 19:08- CWE-287 - Improper Authentication
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisorypatch |
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Windows 10 Version 1507 |
Affected:
10.0.10240.0 , < 10.0.10240.20915
(custom)
|
|
| Microsoft | Windows 10 Version 1607 |
Affected:
10.0.14393.0 , < 10.0.14393.7785
(custom)
|
|
| Microsoft | Windows 10 Version 1809 |
Affected:
10.0.17763.0 , < 10.0.17763.6893
(custom)
|
|
| Microsoft | Windows 10 Version 21H2 |
Affected:
10.0.19044.0 , < 10.0.19044.5487
(custom)
|
|
| Microsoft | Windows 10 Version 22H2 |
Affected:
10.0.19045.0 , < 10.0.19045.5487
(custom)
|
|
| Microsoft | Windows 11 version 22H2 |
Affected:
10.0.22621.0 , < 10.0.22621.4890
(custom)
|
|
| Microsoft | Windows 11 version 22H3 |
Affected:
10.0.22631.0 , < 10.0.22631.4890
(custom)
|
|
| Microsoft | Windows 11 Version 23H2 |
Affected:
10.0.22631.0 , < 10.0.22631.4890
(custom)
|
|
| Microsoft | Windows 11 Version 24H2 |
Affected:
10.0.26100.0 , < 10.0.26100.3194
(custom)
|
|
| Microsoft | Windows Server 2016 |
Affected:
10.0.14393.0 , < 10.0.14393.7785
(custom)
|
|
| Microsoft | Windows Server 2016 (Server Core installation) |
Affected:
10.0.14393.0 , < 10.0.14393.7785
(custom)
|
|
| Microsoft | Windows Server 2019 |
Affected:
10.0.17763.0 , < 10.0.17763.6893
(custom)
|
|
| Microsoft | Windows Server 2019 (Server Core installation) |
Affected:
10.0.17763.0 , < 10.0.17763.6893
(custom)
|
|
| Microsoft | Windows Server 2022 |
Affected:
10.0.20348.0 , < 10.0.20348.3207
(custom)
|
|
| Microsoft | Windows Server 2022, 23H2 Edition (Server Core installation) |
Affected:
10.0.25398.0 , < 10.0.25398.1425
(custom)
|
|
| Microsoft | Windows Server 2025 |
Affected:
10.0.26100.0 , < 10.0.26100.3194
(custom)
|
|
| Microsoft | Windows Server 2025 (Server Core installation) |
Affected:
10.0.26100.0 , < 10.0.26100.3194
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-21349",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-01T04:55:35.596200Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T19:08:57.159Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1507",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.10240.20915",
"status": "affected",
"version": "10.0.10240.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1607",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.7785",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1809",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.6893",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 21H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.19044.5487",
"status": "affected",
"version": "10.0.19044.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 22H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.19045.5487",
"status": "affected",
"version": "10.0.19045.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 11 version 22H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22621.4890",
"status": "affected",
"version": "10.0.22621.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems"
],
"product": "Windows 11 version 22H3",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22631.4890",
"status": "affected",
"version": "10.0.22631.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows 11 Version 23H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22631.4890",
"status": "affected",
"version": "10.0.22631.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 11 Version 24H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.3194",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.7785",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.7785",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.6893",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.6893",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2022",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.20348.3207",
"status": "affected",
"version": "10.0.20348.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2022, 23H2 Edition (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.25398.1425",
"status": "affected",
"version": "10.0.25398.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2025",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.3194",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2025 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.3194",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.17763.6893",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.6893",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.6893",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.20348.3207",
"versionStartIncluding": "10.0.20348.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21H2:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.19044.5487",
"versionStartIncluding": "10.0.19044.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.22621.4890",
"versionStartIncluding": "10.0.22621.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22H2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.19045.5487",
"versionStartIncluding": "10.0.19045.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.26100.3194",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.22631.4890",
"versionStartIncluding": "10.0.22631.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.22631.4890",
"versionStartIncluding": "10.0.22631.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.25398.1425",
"versionStartIncluding": "10.0.25398.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.26100.3194",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.26100.3194",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.10240.20915",
"versionStartIncluding": "10.0.10240.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.14393.7785",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.7785",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.7785",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2025-02-11T08:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Windows Remote Desktop Configuration Service Tampering Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-13T19:44:34.058Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Windows Remote Desktop Configuration Service Tampering Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21349"
}
],
"title": "Windows Remote Desktop Configuration Service Tampering Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2025-21349",
"datePublished": "2025-02-11T17:58:31.806Z",
"dateReserved": "2024-12-11T00:29:48.353Z",
"dateUpdated": "2026-02-26T19:08:57.159Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-20730 (GCVE-0-2025-20730)
Vulnerability from cvelistv5 – Published: 2025-11-04 06:19 – Updated: 2026-02-26 17:47- CWE-287 - Improper Authentication - Generic
| Vendor | Product | Version | |
|---|---|---|---|
| MediaTek, Inc. | MT2737, MT6739, MT6761, MT6765, MT6768, MT6781, MT6789, MT6833, MT6835, MT6853, MT6855, MT6877, MT6878, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6897, MT6899, MT6983, MT6985, MT6989, MT6990, MT6991, MT8188, MT8195, MT8676, MT8678, MT8696 |
Affected:
Android 13.0, 14.0, 15.0, 16.0 / openWRT 21.02, 23.05 / Yocto 4.0 / RDK-B 24Q1
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-20730",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-05T04:55:40.924512Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T17:47:27.334Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MT2737, MT6739, MT6761, MT6765, MT6768, MT6781, MT6789, MT6833, MT6835, MT6853, MT6855, MT6877, MT6878, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6897, MT6899, MT6983, MT6985, MT6989, MT6990, MT6991, MT8188, MT8195, MT8676, MT8678, MT8696",
"vendor": "MediaTek, Inc.",
"versions": [
{
"status": "affected",
"version": "Android 13.0, 14.0, 15.0, 16.0 / openWRT 21.02, 23.05 / Yocto 4.0 / RDK-B 24Q1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In preloader, there is a possible escalation of privilege due to an insecure default value. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10068463; Issue ID: MSV-4141."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication - Generic",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-04T06:19:47.152Z",
"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"shortName": "MediaTek"
},
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/November-2025"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"assignerShortName": "MediaTek",
"cveId": "CVE-2025-20730",
"datePublished": "2025-11-04T06:19:47.152Z",
"dateReserved": "2024-11-01T01:21:50.393Z",
"dateUpdated": "2026-02-26T17:47:27.334Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation
Strategy: Libraries or Frameworks
Use an authentication framework or library such as the OWASP ESAPI Authentication feature.
CAPEC-114: Authentication Abuse
An attacker obtains unauthorized access to an application, service or device either through knowledge of the inherent weaknesses of an authentication mechanism, or by exploiting a flaw in the authentication scheme's implementation. In such an attack an authentication mechanism is functioning but a carefully controlled sequence of events causes the mechanism to grant access to the attacker.
CAPEC-115: Authentication Bypass
An attacker gains access to application, service, or device with the privileges of an authorized or privileged user by evading or circumventing an authentication mechanism. The attacker is therefore able to access protected data without authentication ever having taken place.
CAPEC-151: Identity Spoofing
Identity Spoofing refers to the action of assuming (i.e., taking on) the identity of some other entity (human or non-human) and then using that identity to accomplish a goal. An adversary may craft messages that appear to come from a different principle or use stolen / spoofed authentication credentials.
CAPEC-194: Fake the Source of Data
An adversary takes advantage of improper authentication to provide data or services under a falsified identity. The purpose of using the falsified identity may be to prevent traceability of the provided data or to assume the rights granted to another individual. One of the simplest forms of this attack would be the creation of an email message with a modified "From" field in order to appear that the message was sent from someone other than the actual sender. The root of the attack (in this case the email system) fails to properly authenticate the source and this results in the reader incorrectly performing the instructed action. Results of the attack vary depending on the details of the attack, but common results include privilege escalation, obfuscation of other attacks, and data corruption/manipulation.
CAPEC-22: Exploiting Trust in Client
An attack of this type exploits vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by communicating directly with the server where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
CAPEC-57: Utilizing REST's Trust in the System Resource to Obtain Sensitive Data
This attack utilizes a REST(REpresentational State Transfer)-style applications' trust in the system resources and environment to obtain sensitive data once SSL is terminated.
CAPEC-593: Session Hijacking
This type of attack involves an adversary that exploits weaknesses in an application's use of sessions in performing authentication. The adversary is able to steal or manipulate an active session and use it to gain unathorized access to the application.
CAPEC-633: Token Impersonation
An adversary exploits a weakness in authentication to create an access token (or equivalent) that impersonates a different entity, and then associates a process/thread to that that impersonated token. This action causes a downstream user to make a decision or take action that is based on the assumed identity, and not the response that blocks the adversary.
CAPEC-650: Upload a Web Shell to a Web Server
By exploiting insufficient permissions, it is possible to upload a web shell to a web server in such a way that it can be executed remotely. This shell can have various capabilities, thereby acting as a "gateway" to the underlying web server. The shell might execute at the higher permission level of the web server, providing the ability the execute malicious code at elevated levels.
CAPEC-94: Adversary in the Middle (AiTM)
An adversary targets the communication between two components (typically client and server), in order to alter or obtain data from transactions. A general approach entails the adversary placing themself within the communication channel between the two components.