Common Weakness Enumeration

CWE-290

Allowed

Authentication Bypass by Spoofing

Abstraction: Base · Status: Incomplete

This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.

925 vulnerabilities reference this CWE, most recent first.

CVE-2025-46345 (GCVE-0-2025-46345)

Vulnerability from cvelistv5 – Published: 2025-05-01 17:20 – Updated: 2025-05-02 17:39
VLAI
Title
Auth0 Account Link Extension JWT Invalid Signature Validation
Summary
Auth0 Account Link Extension is an extension aimed to help link accounts easily. Versions 2.3.4 to 2.6.6 do not verify the signature of the provided JWT. This allows the user the ability to supply a forged token and the potential to access user information without proper authorization. This issue has been patched in versions 2.6.7, 2.7.0, and 3.0.0. It is recommended to upgrade to version 3.0.0 or greater.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-290 - Authentication Bypass by Spoofing
Assigner
References
Impacted products
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-46345",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-02T17:39:25.729856Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-02T17:39:32.800Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "auth0-account-link-extension",
          "vendor": "auth0-extensions",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 2.3.4, \u003c 2.6.7"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Auth0 Account Link Extension is an extension aimed to help link accounts easily. Versions 2.3.4 to 2.6.6 do not verify the signature of the provided JWT. This allows the user the ability to supply a forged token and the potential to access user information without proper authorization. This issue has been patched in versions 2.6.7, 2.7.0, and 3.0.0. It is recommended to upgrade to version 3.0.0 or greater."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "NONE"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-290",
              "description": "CWE-290: Authentication Bypass by Spoofing",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-01T17:20:24.010Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/auth0-extensions/auth0-account-link-extension/security/advisories/GHSA-j2jh-rqff-7vmg",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/auth0-extensions/auth0-account-link-extension/security/advisories/GHSA-j2jh-rqff-7vmg"
        },
        {
          "name": "https://github.com/auth0-extensions/auth0-account-link-extension/pull/187",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/auth0-extensions/auth0-account-link-extension/pull/187"
        }
      ],
      "source": {
        "advisory": "GHSA-j2jh-rqff-7vmg",
        "discovery": "UNKNOWN"
      },
      "title": "Auth0 Account Link Extension JWT Invalid Signature Validation"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-46345",
    "datePublished": "2025-05-01T17:20:24.010Z",
    "dateReserved": "2025-04-22T22:41:54.913Z",
    "dateUpdated": "2025-05-02T17:39:32.800Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-36754 (GCVE-0-2025-36754)

Vulnerability from cvelistv5 – Published: 2025-12-13 08:16 – Updated: 2025-12-16 11:02
VLAI
Title
Authentication bypass on web interface
Summary
The authentication mechanism on web interface is not properly implemented. It is possible to bypass authentication checks by crafting a post request with new settings since there is no session token or authentication in place. This would allow an attacker for instance to point the device to an arbitrary address for domain name resolution to e.g. facililitate a man-in-the-middle (MitM) attack.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-290 - Authentication Bypass by Spoofing
Assigner
References
URL Tags
https://csirt.divd.nl/CVE-2025-36754/ third-party-advisory
Impacted products
Vendor Product Version
Growatt ShineLan-X Affected: 3.6.0.0 , ≤ 3.6.0.2 (semver)
Create a notification for this product.
Credits
Hamid Rahmouni Victor Pasman
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-36754",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-15T20:27:48.035651Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-15T20:33:19.436Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "ShineLan-X",
          "vendor": "Growatt",
          "versions": [
            {
              "lessThanOrEqual": "3.6.0.2",
              "status": "affected",
              "version": "3.6.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Hamid Rahmouni"
        },
        {
          "lang": "en",
          "type": "analyst",
          "value": "Victor Pasman"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The authentication mechanism on web interface is not properly implemented. It is\u00a0possible to bypass authentication checks by crafting a post request with new settings\u00a0since there is no session token or authentication in place. This would allow an\u00a0attacker for instance to point the device to an arbitrary address for domain name resolution to e.g. facililitate a man-in-the-middle (MitM) attack."
            }
          ],
          "value": "The authentication mechanism on web interface is not properly implemented. It is\u00a0possible to bypass authentication checks by crafting a post request with new settings\u00a0since there is no session token or authentication in place. This would allow an\u00a0attacker for instance to point the device to an arbitrary address for domain name resolution to e.g. facililitate a man-in-the-middle (MitM) attack."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233 Privilege Escalation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-290",
              "description": "CWE-290 Authentication Bypass by Spoofing",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-16T11:02:11.379Z",
        "orgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
        "shortName": "DIVD"
      },
      "references": [
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://csirt.divd.nl/CVE-2025-36754/"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Authentication bypass on web interface",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
    "assignerShortName": "DIVD",
    "cveId": "CVE-2025-36754",
    "datePublished": "2025-12-13T08:16:24.266Z",
    "dateReserved": "2025-04-15T21:54:36.815Z",
    "dateUpdated": "2025-12-16T11:02:11.379Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-36753 (GCVE-0-2025-36753)

Vulnerability from cvelistv5 – Published: 2025-12-13 08:16 – Updated: 2025-12-16 11:02
VLAI
Title
SWD Interface Open on Growatt ShineLan-X
Summary
The SWD debug interface on the Growatt ShineLan-X communication dongle is available by default, allowing an attacker to attain debug access to the device and to extracting secrets or domains from within the device
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-290 - Authentication Bypass by Spoofing
Assigner
References
URL Tags
https://csirt.divd.nl/CVE-2025-36753/ third-party-advisory
Impacted products
Vendor Product Version
Growatt ShineLan-X Affected: 3.6.0.0 , ≤ 3.6.0.2 (semver)
Create a notification for this product.
Credits
Hamid Rahmouni Victor Pasman
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-36753",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-15T20:30:10.184437Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-15T20:33:36.139Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "ShineLan-X",
          "vendor": "Growatt",
          "versions": [
            {
              "lessThanOrEqual": "3.6.0.2",
              "status": "affected",
              "version": "3.6.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Hamid Rahmouni"
        },
        {
          "lang": "en",
          "type": "analyst",
          "value": "Victor Pasman"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The SWD debug interface on the Growatt ShineLan-X communication dongle is available by default, allowing an attacker to attain debug access to the device and to extracting secrets or domains from within the device."
            }
          ],
          "value": "The SWD debug interface on the Growatt ShineLan-X communication dongle is available by default, allowing an attacker to attain debug access to the device and to extracting secrets or domains from within the device"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233 Privilege Escalation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "PHYSICAL",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-290",
              "description": "CWE-290 Authentication Bypass by Spoofing",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-16T11:02:10.315Z",
        "orgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
        "shortName": "DIVD"
      },
      "references": [
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://csirt.divd.nl/CVE-2025-36753/"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "SWD Interface Open on Growatt ShineLan-X",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
    "assignerShortName": "DIVD",
    "cveId": "CVE-2025-36753",
    "datePublished": "2025-12-13T08:16:22.056Z",
    "dateReserved": "2025-04-15T21:54:36.815Z",
    "dateUpdated": "2025-12-16T11:02:10.315Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-36594 (GCVE-0-2025-36594)

Vulnerability from cvelistv5 – Published: 2025-08-04 14:25 – Updated: 2026-02-26 17:49
VLAI
Summary
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.60, contain an Authentication Bypass by Spoofing vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Protection mechanism bypass. Remote unauthenticated user can create account that potentially expose customer info, affect system integrity and availability.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-290 - Authentication Bypass by Spoofing
Assigner
References
Impacted products
Date Public
2025-07-31 17:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-36594",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-12T03:55:18.523060Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T17:49:59.859Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "Feature Release",
          "product": "PowerProtect Data Domain Feature Release",
          "vendor": "Dell",
          "versions": [
            {
              "lessThanOrEqual": "8.3.0.15",
              "status": "affected",
              "version": "7.7.1.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "LTS2024",
          "product": "PowerProtect Data Domain LTS2024",
          "vendor": "Dell",
          "versions": [
            {
              "lessThanOrEqual": "7.13.1.25",
              "status": "affected",
              "version": "7.13.1.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "LTS 2023",
          "product": "PowerProtect Data Domain LTS 2023",
          "vendor": "Dell",
          "versions": [
            {
              "lessThanOrEqual": "7.10.1.60",
              "status": "affected",
              "version": "7.10.1.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2025-07-31T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.60, contain an Authentication Bypass by Spoofing vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Protection mechanism bypass. Remote unauthenticated user can create account that potentially expose customer info, affect system integrity and availability.\u003cbr\u003e"
            }
          ],
          "value": "Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.60, contain an Authentication Bypass by Spoofing vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Protection mechanism bypass. Remote unauthenticated user can create account that potentially expose customer info, affect system integrity and availability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-290",
              "description": "CWE-290: Authentication Bypass by Spoofing",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-04T14:26:54.154Z",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.dell.com/support/kbdoc/en-us/000348708/dsa-2025-159-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2025-36594",
    "datePublished": "2025-08-04T14:25:56.750Z",
    "dateReserved": "2025-04-15T21:32:11.413Z",
    "dateUpdated": "2026-02-26T17:49:59.859Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-36119 (GCVE-0-2025-36119)

Vulnerability from cvelistv5 – Published: 2025-08-08 14:25 – Updated: 2026-02-26 17:49
VLAI
Title
IBM i authentication bypass
Summary
IBM i 7.3, 7.4, 7.5, and 7.6 is affected by an authenticated user obtaining elevated privileges with IBM Digital Certificate Manager for i (DCM) due to a web session hijacking vulnerability. An authenticated user without administrator privileges could exploit this vulnerability to perform actions in DCM as an administrator.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-290 - Authentication Bypass by Spoofing
Assigner
ibm
References
URL Tags
https://www.ibm.com/support/pages/node/7241008 vendor-advisorypatch
Impacted products
Vendor Product Version
IBM i Affected: 7.3
Affected: 7.4
Affected: 7.5
Affected: 7.6
    cpe:2.3:a:ibm:i:7.3:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:i:7.4:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:i:7.5:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:i:7.6:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-36119",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-13T15:03:47.107444Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T17:49:46.611Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:i:7.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:i:7.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:i:7.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:i:7.6:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "i",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.3"
            },
            {
              "status": "affected",
              "version": "7.4"
            },
            {
              "status": "affected",
              "version": "7.5"
            },
            {
              "status": "affected",
              "version": "7.6"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "IBM i 7.3, 7.4, 7.5, and 7.6 is affected by an authenticated user obtaining elevated privileges with IBM Digital Certificate Manager for i (DCM) due to a web session hijacking vulnerability. An authenticated user without administrator privileges could exploit this vulnerability to perform actions in DCM as an administrator."
            }
          ],
          "value": "IBM i 7.3, 7.4, 7.5, and 7.6 is affected by an authenticated user obtaining elevated privileges with IBM Digital Certificate Manager for i (DCM) due to a web session hijacking vulnerability. An authenticated user without administrator privileges could exploit this vulnerability to perform actions in DCM as an administrator."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-290",
              "description": "CWE-290 Authentication Bypass by Spoofing",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-08T14:25:40.141Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://www.ibm.com/support/pages/node/7241008"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The issue can be fixed by applying a PTF to IBM i.  IBM i 7.6, 7.5, 7.4, and 7.3 are addressed.\u003cbr\u003eThe IBM i PTF number for 5770-SS1 Option 34 contains the fix for the vulnerability.\u003cbr\u003e \u003cbr\u003eIBM i Release  5770-SS1\u003cbr\u003e7.6 SJ06558  \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/mysupport/s/fix-information?legacy=SJ06558\"\u003ehttps://www.ibm.com/mysupport/s/fix-information?legacy=SJ06558\u003c/a\u003e\u003cbr\u003e7.5\u0026nbsp;SJ06557  \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/mysupport/s/fix-information?legacy=SJ06557\"\u003ehttps://www.ibm.com/mysupport/s/fix-information?legacy=SJ06557\u003c/a\u003e\u003cbr\u003e7.4\u0026nbsp;SJ06552  \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/mysupport/s/fix-information?legacy=SJ06552\"\u003ehttps://www.ibm.com/mysupport/s/fix-information?legacy=SJ06552\u003c/a\u003e\u003cbr\u003e7.3 SJ06550  \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/mysupport/s/fix-information?legacy=SJ06550\"\u003ehttps://www.ibm.com/mysupport/s/fix-information?legacy=SJ06550\u003cbr\u003e\u003c/a\u003e\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral\"\u003ehttps://www.ibm.com/support/fixcentral\u003c/a\u003e\u003cbr\u003e\u003cbr\u003eImportant note: IBM recommends that all users running unsupported versions of affected products upgrade to supported and fixed version of affected products.\u003cbr\u003e"
            }
          ],
          "value": "The issue can be fixed by applying a PTF to IBM i.  IBM i 7.6, 7.5, 7.4, and 7.3 are addressed.\nThe IBM i PTF number for 5770-SS1 Option 34 contains the fix for the vulnerability.\n \nIBM i Release  5770-SS1\n7.6 SJ06558   https://www.ibm.com/mysupport/s/fix-information?legacy=SJ06558 \n7.5\u00a0SJ06557   https://www.ibm.com/mysupport/s/fix-information?legacy=SJ06557 \n7.4\u00a0SJ06552   https://www.ibm.com/mysupport/s/fix-information?legacy=SJ06552 \n7.3 SJ06550   https://www.ibm.com/support/fixcentral \n\nImportant note: IBM recommends that all users running unsupported versions of affected products upgrade to supported and fixed version of affected products."
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM i authentication bypass",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2025-36119",
    "datePublished": "2025-08-08T14:25:40.141Z",
    "dateReserved": "2025-04-15T21:16:17.124Z",
    "dateUpdated": "2026-02-26T17:49:46.611Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-34065 (GCVE-0-2025-34065)

Vulnerability from cvelistv5 – Published: 2025-07-01 14:47 – Updated: 2026-04-07 14:09
VLAI
Title
AVTECH IP camera, DVR, and NVR Devices Authentication Bypass via /nobody URL Path
Summary
An authentication bypass vulnerability exists in AVTECH IP camera, DVR, and NVR devices’ streamd web server. The strstr() function allows unauthenticated access to any request containing "/nobody" in the URL, bypassing login controls.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-290 - Authentication Bypass by Spoofing
Assigner
Impacted products
Vendor Product Version
AVTECH IP camera, DVR, and NVR Devices Affected: 1000-1000-1000-1000
Affected: 1000C-1000C-1000C-1000C
Affected: 1001-1000-1000-1000
Affected: 1001-1001-1000-1000
Affected: 1002-1000-1000-1000
Affected: 1002-1002-1000-1002
Affected: 1002D-1000D-1000D-1000D
Affected: 1003-1000-1000-1001
Affected: 1003-1001-1001-1000
Affected: 1003-1002-1001-1000
Affected: 1004-1000-1000-1000
Affected: 1004-1001-1001-1001
Affected: 1004-1002-1000-1001
Affected: 1004-1003-1001-1002
Affected: 1004-1003-1002-1001
Affected: 1004A-1001A-1002A-1000A
Affected: 1005-1002-1001-1002
Affected: 1005-1003-1001-1002
Affected: 1005-1004-1002-1001
Affected: 1005A-1001A-1002A-1001A
Affected: 1005D-1001D-1002D-1001D
Affected: 1006-1002-1001-1002
Affected: 1006-1003-1001-1001
Affected: 1006-1004-1003-1001
Affected: 1007-1001-1003-1001
Affected: 1007-1001-1004-1003
Affected: 1007-1002-1001-1000
Affected: 1007-1002-1001-1003
Affected: 1007-1002-1003-1002
Affected: 1007-1004-1003-1001
Affected: 1008-1001-1003-1002
Affected: 1008-1004-1004-1001
Affected: 1008D-1003D-1004D-1002D
Affected: 1008J-1004J-1004J-1001J
Affected: 1009-1001-1004-1001
Affected: 1009-1002-1005-1003
Affected: 1009-1003-1001-1003
Affected: 1009-1003-1005-1002
Affected: 1010-1001-1004-1001
Affected: 1010-1001-1004-1002
Affected: 1010-1003-1005-1002
Affected: 1010-1003-1006-1003
Affected: 1010-1003-1006-1004
Affected: 1010-1004-1007-1001
Affected: 1010J-1001J-1004J-1001J
Affected: 1010N-1003N-1005N-1002N
Affected: 1011-1001-1002A-1002
Affected: 1011-1001-1002D-1002
Affected: 1011-1001-1003-1002
Affected: 1011-1001-1004-1002
Affected: 1011-1001-1005-1002
Affected: 1011-1004-1005-1002
Create a notification for this product.
Date Public
2016-10-11 00:00
Credits
Gergely Eberhardt (SEARCH-LAB.hu)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-34065",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-01T18:35:32.244766Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-01T18:36:04.496Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "Search.cgi",
            "username parameter",
            "queryb64str"
          ],
          "product": "IP camera, DVR, and NVR Devices",
          "vendor": "AVTECH",
          "versions": [
            {
              "status": "affected",
              "version": "1000-1000-1000-1000"
            },
            {
              "status": "affected",
              "version": "1000C-1000C-1000C-1000C"
            },
            {
              "status": "affected",
              "version": "1001-1000-1000-1000"
            },
            {
              "status": "affected",
              "version": "1001-1001-1000-1000"
            },
            {
              "status": "affected",
              "version": "1002-1000-1000-1000"
            },
            {
              "status": "affected",
              "version": "1002-1002-1000-1002"
            },
            {
              "status": "affected",
              "version": "1002D-1000D-1000D-1000D"
            },
            {
              "status": "affected",
              "version": "1003-1000-1000-1001"
            },
            {
              "status": "affected",
              "version": "1003-1001-1001-1000"
            },
            {
              "status": "affected",
              "version": "1003-1002-1001-1000"
            },
            {
              "status": "affected",
              "version": "1004-1000-1000-1000"
            },
            {
              "status": "affected",
              "version": "1004-1001-1001-1001"
            },
            {
              "status": "affected",
              "version": "1004-1002-1000-1001"
            },
            {
              "status": "affected",
              "version": "1004-1003-1001-1002"
            },
            {
              "status": "affected",
              "version": "1004-1003-1002-1001"
            },
            {
              "status": "affected",
              "version": "1004A-1001A-1002A-1000A"
            },
            {
              "status": "affected",
              "version": "1005-1002-1001-1002"
            },
            {
              "status": "affected",
              "version": "1005-1003-1001-1002"
            },
            {
              "status": "affected",
              "version": "1005-1004-1002-1001"
            },
            {
              "status": "affected",
              "version": "1005A-1001A-1002A-1001A"
            },
            {
              "status": "affected",
              "version": "1005D-1001D-1002D-1001D"
            },
            {
              "status": "affected",
              "version": "1006-1002-1001-1002"
            },
            {
              "status": "affected",
              "version": "1006-1003-1001-1001"
            },
            {
              "status": "affected",
              "version": "1006-1004-1003-1001"
            },
            {
              "status": "affected",
              "version": "1007-1001-1003-1001"
            },
            {
              "status": "affected",
              "version": "1007-1001-1004-1003"
            },
            {
              "status": "affected",
              "version": "1007-1002-1001-1000"
            },
            {
              "status": "affected",
              "version": "1007-1002-1001-1003"
            },
            {
              "status": "affected",
              "version": "1007-1002-1003-1002"
            },
            {
              "status": "affected",
              "version": "1007-1004-1003-1001"
            },
            {
              "status": "affected",
              "version": "1008-1001-1003-1002"
            },
            {
              "status": "affected",
              "version": "1008-1004-1004-1001"
            },
            {
              "status": "affected",
              "version": "1008D-1003D-1004D-1002D"
            },
            {
              "status": "affected",
              "version": "1008J-1004J-1004J-1001J"
            },
            {
              "status": "affected",
              "version": "1009-1001-1004-1001"
            },
            {
              "status": "affected",
              "version": "1009-1002-1005-1003"
            },
            {
              "status": "affected",
              "version": "1009-1003-1001-1003"
            },
            {
              "status": "affected",
              "version": "1009-1003-1005-1002"
            },
            {
              "status": "affected",
              "version": "1010-1001-1004-1001"
            },
            {
              "status": "affected",
              "version": "1010-1001-1004-1002"
            },
            {
              "status": "affected",
              "version": "1010-1003-1005-1002"
            },
            {
              "status": "affected",
              "version": "1010-1003-1006-1003"
            },
            {
              "status": "affected",
              "version": "1010-1003-1006-1004"
            },
            {
              "status": "affected",
              "version": "1010-1004-1007-1001"
            },
            {
              "status": "affected",
              "version": "1010J-1001J-1004J-1001J"
            },
            {
              "status": "affected",
              "version": "1010N-1003N-1005N-1002N"
            },
            {
              "status": "affected",
              "version": "1011-1001-1002A-1002"
            },
            {
              "status": "affected",
              "version": "1011-1001-1002D-1002"
            },
            {
              "status": "affected",
              "version": "1011-1001-1003-1002"
            },
            {
              "status": "affected",
              "version": "1011-1001-1004-1002"
            },
            {
              "status": "affected",
              "version": "1011-1001-1005-1002"
            },
            {
              "status": "affected",
              "version": "1011-1004-1005-1002"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Gergely Eberhardt (SEARCH-LAB.hu)"
        }
      ],
      "datePublic": "2016-10-11T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An authentication bypass vulnerability exists in AVTECH IP camera, DVR, and NVR devices\u2019 streamd web server. The strstr() function allows unauthenticated access to any request containing \"/nobody\" in the URL, bypassing login controls."
            }
          ],
          "value": "An authentication bypass vulnerability exists in AVTECH IP camera, DVR, and NVR devices\u2019 streamd web server. The strstr() function allows unauthenticated access to any request containing \"/nobody\" in the URL, bypassing login controls."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-115",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-115 Authentication Bypass"
            }
          ]
        },
        {
          "capecId": "CAPEC-137",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-137 Parameter Injection"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-290",
              "description": "CWE-290 Authentication Bypass by Spoofing",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-07T14:09:18.570Z",
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck"
      },
      "references": [
        {
          "tags": [
            "exploit"
          ],
          "url": "https://www.exploit-db.com/exploits/40500"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://avtech.com/"
        },
        {
          "tags": [
            "third-party-advisory",
            "technical-description"
          ],
          "url": "https://web.archive.org/web/20240810225729/https://www.search-lab.hu/advisories/126-AVTech-devices-multiple-vulnerabilities"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://web.archive.org/web/20161029201749/https://github.com/ebux/AVTECH"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vulncheck.com/advisories/avtech-ipcamera-nvr-dvr-mulitple-vulns"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "AVTECH IP camera, DVR, and NVR Devices Authentication Bypass via /nobody URL Path",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2025-34065",
    "datePublished": "2025-07-01T14:47:23.621Z",
    "dateReserved": "2025-04-15T19:15:22.549Z",
    "dateUpdated": "2026-04-07T14:09:18.570Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-34063 (GCVE-0-2025-34063)

Vulnerability from cvelistv5 – Published: 2025-07-01 14:49 – Updated: 2025-07-01 15:17
VLAI
Title
OneLogin AD Connector JWT Authentication Bypass via Exposed Signing Key
Summary
A cryptographic authentication bypass vulnerability exists in OneLogin AD Connector prior to 6.1.5 due to the exposure of a tenant’s SSO JWT signing key via the /api/adc/v4/configuration endpoint. An attacker in possession of the signing key can craft valid JWT tokens impersonating arbitrary users within a OneLogin tenant. The tokens allow authentication to the OneLogin SSO portal and all downstream applications federated via SAML or OIDC. This allows full unauthorized access across the victim’s SaaS environment.
SSVC
Exploitation: poc Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-290 - Authentication Bypass by Spoofing
Assigner
Impacted products
Credits
SpecterOps
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-34063",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-01T15:16:54.889310Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-01T15:17:11.538Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "JWT signing logic within ConnectorService.exe and SSO JWT consumer endpoint (/trust/onelogin-sso/jwt)",
            "Signed JWT crafted with leaked signing_key"
          ],
          "product": "OneLogin Active Directory Connector (ADC)",
          "vendor": "One Identity",
          "versions": [
            {
              "lessThan": "6.1.5",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "SpecterOps"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003e\u003c/p\u003e\u003cp\u003eA cryptographic authentication bypass vulnerability exists in OneLogin AD Connector prior to 6.1.5 due to the exposure of a tenant\u2019s SSO JWT signing key via the \u003ccode\u003e/api/adc/v4/configuration\u003c/code\u003e endpoint. An attacker in possession of the signing key can craft valid JWT tokens impersonating arbitrary users within a OneLogin tenant. The tokens allow authentication to the OneLogin SSO portal and all downstream applications federated via SAML or OIDC. This allows full unauthorized access across the victim\u2019s SaaS environment.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e"
            }
          ],
          "value": "A cryptographic authentication bypass vulnerability exists in OneLogin AD Connector prior to 6.1.5 due to the exposure of a tenant\u2019s SSO JWT signing key via the /api/adc/v4/configuration endpoint. An attacker in possession of the signing key can craft valid JWT tokens impersonating arbitrary users within a OneLogin tenant. The tokens allow authentication to the OneLogin SSO portal and all downstream applications federated via SAML or OIDC. This allows full unauthorized access across the victim\u2019s SaaS environment."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-115",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-115 Authentication Bypass"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-290",
              "description": "CWE-290 Authentication Bypass by Spoofing",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-01T14:49:25.544Z",
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://support.onelogin.com/product-notification/noti-00001768"
        },
        {
          "tags": [
            "technical-description"
          ],
          "url": "https://specterops.io/blog/2025/06/10/onelogin-many-issues-how-i-pivoted-from-a-trial-tenant-to-compromising-customer-signing-keys/"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vulncheck.com/advisories/onelogin-ad-connector-account-compromise"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "OneLogin AD Connector JWT Authentication Bypass via Exposed Signing Key",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2025-34063",
    "datePublished": "2025-07-01T14:49:25.544Z",
    "dateReserved": "2025-04-15T19:15:22.549Z",
    "dateUpdated": "2025-07-01T15:17:11.538Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-34053 (GCVE-0-2025-34053)

Vulnerability from cvelistv5 – Published: 2025-07-01 14:45 – Updated: 2026-04-07 14:09
VLAI
Title
AVTECH IP camera, DVR, and NVR Devices Authentication Bypass via .cab Path Manipulation
Summary
An authentication bypass vulnerability exists in AVTECH IP camera, DVR, and NVR devices’ streamd web server. The strstr() function is used to identify ".cab" requests, allowing any URL containing ".cab" to bypass authentication and access protected endpoints.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-290 - Authentication Bypass by Spoofing
Assigner
Impacted products
Vendor Product Version
AVTECH IP camera, DVR, and NVR devices Affected: 1000-1000-1000-1000
Affected: 1000C-1000C-1000C-1000C
Affected: 1001-1000-1000-1000
Affected: 1001-1001-1000-1000
Affected: 1002-1000-1000-1000
Affected: 1002-1002-1000-1002
Affected: 1002D-1000D-1000D-1000D
Affected: 1003-1000-1000-1001
Affected: 1003-1001-1001-1000
Affected: 1003-1002-1001-1000
Affected: 1004-1000-1000-1000
Affected: 1004-1001-1001-1001
Affected: 1004-1003-1001-1002
Affected: 1004-1003-1002-1001
Affected: 1004A-1001A-1002A-1000A
Affected: 1005-1002-1001-1002
Affected: 1005-1003-1001-1002
Affected: 1005-1004-1002-1001
Affected: 1005A-1001A-1002A-1001A
Affected: 1005D-1001D-1002D-1001D
Affected: 1006-1002-1001-1002
Affected: 1006-1004-1003-1001
Affected: 1007-1001-1003-1001
Affected: 1007-1001-1004-1003
Affected: 1007-1002-1001-1003
Affected: 1007-1002-1003-1002
Affected: 1007-1004-1003-1001
Affected: 1008-1001-1003-1002
Affected: 1008-1004-1004-1001
Affected: 1008D-1003D-1004D-1002D
Affected: 1008J-1004J-1004J-1001J
Affected: 1009-1001-1004-1001
Affected: 1009-1002-1005-1003
Affected: 1009-1003-1005-1002
Affected: 1010-1001-1004-1001
Affected: 1010-1001-1004-1002
Affected: 1010-1003-1005-1002
Affected: 1010-1003-1006-1003
Affected: 1010-1003-1006-1004
Affected: 1010-1004-1007-1001
Affected: 1010J-1001J-1004J-1001J
Affected: 1010N-1003N-1005N-1002N
Affected: 1011-1001-1002A-1002
Affected: 1011-1001-1002D-1002
Affected: 1011-1001-1003-1002
Affected: 1011-1001-1004-1002
Affected: 1011-1001-1005-1002
Affected: 1011-1004-1005-1002
Affected: 1012-1001-1005-1002
Affected: 1012-1001-1005-1003
Affected: 1012-1001-1005PO-1002
Affected: 1012-1003-1007-1002
Affected: 1012-1003-1007-1004
Affected: 1013-1001-1005-1003
Affected: 1013-1002-1006-1002
Affected: 1013-1003-1008-1003
Affected: 1013-1004-1008-1004
Affected: 1013-1005-1005-1002
Affected: 1013-1005-1007-1002
Affected: 1013K-1005K-1007PO-1002K
Affected: 1014-1002-1006-1002
Affected: 1014-1002-1006-1003
Affected: 1014-1003-1008-1003
Affected: 1014-1005-1008-1002
Affected: 1014B-1002B-1006B-1002B
Affected: 1015-1001-1006-1003
Affected: 1015-1002-1006-1003
Affected: 1015-1002-1007-1002
Affected: 1015-1003-1008-1003
Affected: 1015-1005-1009-1004
Affected: 1015-1006-1004-1002
Affected: 1015-1006-1005-1002
Affected: 1015-1006-1008-1002
Affected: 1015C-1004C-1003C-1005C
Affected: 1015K-1006K-1008PO-1002K
Affected: 1016-1002-1007-1002
Affected: 1016-1006-1013-1002
Affected: 1016-1007-1009-1003
Affected: 1016-1007-1011-1003
Affected: 1017-1002-1007-1003
Affected: 1017-1003-1007-1003
Affected: 1017-1003-1009-1003
Affected: 1017-1005-1004-1005
Affected: 1017-1006-1013-1002
Affected: 1017-1013-1014-1005
Affected: 1018-1003-1005-1004
Affected: 1018-1003-1008-1003
Affected: 1018-1003-1008-1004
Affected: 1018-1003-1008PO-1003
Affected: 1018-1004-1005-1005
Affected: 1018-1007-1009-1003
Affected: 1018-1012-1011-1010
Affected: 1019-1004-1006-1005
Affected: 1019-1007-1009-1003
Affected: 1020-1003-1008-1003
Affected: 1020-1003-1008-1004
Affected: 1020-1004-1007-1006
Affected: 1020-1007-1008-1003
Affected: 1020-1007-1009-1003
Affected: 1021-1003-1008-1003
Affected: 1021-1003-1008-1004
Affected: 1021-1005-1006-1005
Affected: 1021-1005-1008-1006
Affected: 1021-1006-1015-1002
Affected: 1021-1007-1010-1003
Affected: 1022-1005-1007-1005
Affected: 1022-1005-1009-1007
Affected: 1022-1006-1015-1002
Affected: 1022-1013-1014-1010
Affected: 1022-1014-1016-1002-FFFF
Affected: 1022Y-1014Y-1016Y-1002Y-FFFF
Affected: 1023-1005-1008-1006
Affected: 1023-1007-1016-1003
Affected: 1024-1019-1019-1007
Affected: 1025-1006-1010-1007
Affected: 1025-1017-1017-1011
Affected: 1027-1007-1019-1003
Affected: 1027-1021-1021-1008
Affected: 1028-1021-1022-1008
Affected: 1031-1007-1022-1003
Affected: 1032-1022-1024-1008
Affected: 1033-1018-1021-1012
Affected: 1035-1005-1005-1004
Affected: 1035-1005-1005-1005
Affected: 1035-1005-1005-1005P
Affected: 1035-1007-1024-1003
Affected: 1035-1024-1025-1008
Affected: 1036-1005-1006-1005
Affected: 1036-1007-1024-1003
Affected: 1036-1014-1016-1016
Affected: 1037-1024-1027-1008
Affected: 1037-1025-1027-1008
Affected: 1038-1021-1024-1012
Affected: 1038-1021-1024-1012-A5
Affected: 1038-1025-1028-1008
Affected: 1039-1005-1008-1004
Affected: 1039-1005-1008-1005
Affected: 1039-1014-1017-1016
Affected: 1039D-1014D-1017D-1016D
Affected: 1040-1026-1029-1008
Affected: 1041-1005-1009-1005
Affected: 1042-1026-1030-1008
Affected: 1044-1026-1030-1008
Affected: 1044-1026-1031-1008
Affected: 1045-1015-1020-1018
Affected: 1046-1027-1032-1008
Affected: 1047-1027-1031-1008
Affected: 1049-1027-1033-1008
Affected: 1050-1027-1034-1008
Affected: 1050-1027-1036-1008
Affected: 1051-1027-1035-1008
Affected: 1051CZ-1028-1037-1008
Affected: 1052-1027-1034-1008
Affected: 1052-1028-1038-1008
Affected: 1052A-1028-1038A-1008
Affected: 1054-1027-1036-1008
Affected: 1054-1028-1036-1008
Affected: 1055-1028-1036-1008
Affected: 1056-1028-1037-1008
Affected: 1058-1028-1039-1008
Affected: 1062-1028-1041-1008
Affected: 1065-1029-1043-1008
Affected: 1068-1029-1043-1008
Affected: 1069-1029-1043-1008
Affected: 1071-1029-1044-1008
Affected: 1077-1017-1035-1007
Affected: 1077-1017-1035-1007-A6
Affected: 1077-1017-1035-1007-D4
Affected: 1077-1017-1035-1007-D705FF
Affected: 1078-1017-1036-1007
Affected: 1078-1017-1036-1007-A6
Affected: 1078-1017-1036-1007-D707FF
Affected: 1079-1017-1037-1007
Affected: 1079-1017-1037-1007-D4
Affected: 1W77-1W17-1W35-1W07-A6
Affected: A077-1017-A035-1007
Affected: A077-1017-A035-1007-A6
Affected: A1035-1024-A1025-1008
Affected: A1038-1025-A1028-1008-D4
Affected: S681-S681-S681-S681
Affected: S749-S749-S749-S749
Affected: S818-S818-S818-S818
Affected: S820-S820-S820-S820
Affected: S823-S823-S823-S823
Affected: S914V-S914V-S914V-S914V
Affected: S984-S984-S984-S984
Create a notification for this product.
Date Public
2016-10-11 00:00
Credits
Gergely Eberhardt (SEARCH-LAB.hu)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-34053",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-01T18:46:03.365792Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-01T18:46:09.474Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "streamd web server",
            "request URL parameter"
          ],
          "product": "IP camera, DVR, and NVR devices",
          "vendor": "AVTECH",
          "versions": [
            {
              "status": "affected",
              "version": "1000-1000-1000-1000"
            },
            {
              "status": "affected",
              "version": "1000C-1000C-1000C-1000C"
            },
            {
              "status": "affected",
              "version": "1001-1000-1000-1000"
            },
            {
              "status": "affected",
              "version": "1001-1001-1000-1000"
            },
            {
              "status": "affected",
              "version": "1002-1000-1000-1000"
            },
            {
              "status": "affected",
              "version": "1002-1002-1000-1002"
            },
            {
              "status": "affected",
              "version": "1002D-1000D-1000D-1000D"
            },
            {
              "status": "affected",
              "version": "1003-1000-1000-1001"
            },
            {
              "status": "affected",
              "version": "1003-1001-1001-1000"
            },
            {
              "status": "affected",
              "version": "1003-1002-1001-1000"
            },
            {
              "status": "affected",
              "version": "1004-1000-1000-1000"
            },
            {
              "status": "affected",
              "version": "1004-1001-1001-1001"
            },
            {
              "status": "affected",
              "version": "1004-1003-1001-1002"
            },
            {
              "status": "affected",
              "version": "1004-1003-1002-1001"
            },
            {
              "status": "affected",
              "version": "1004A-1001A-1002A-1000A"
            },
            {
              "status": "affected",
              "version": "1005-1002-1001-1002"
            },
            {
              "status": "affected",
              "version": "1005-1003-1001-1002"
            },
            {
              "status": "affected",
              "version": "1005-1004-1002-1001"
            },
            {
              "status": "affected",
              "version": "1005A-1001A-1002A-1001A"
            },
            {
              "status": "affected",
              "version": "1005D-1001D-1002D-1001D"
            },
            {
              "status": "affected",
              "version": "1006-1002-1001-1002"
            },
            {
              "status": "affected",
              "version": "1006-1004-1003-1001"
            },
            {
              "status": "affected",
              "version": "1007-1001-1003-1001"
            },
            {
              "status": "affected",
              "version": "1007-1001-1004-1003"
            },
            {
              "status": "affected",
              "version": "1007-1002-1001-1003"
            },
            {
              "status": "affected",
              "version": "1007-1002-1003-1002"
            },
            {
              "status": "affected",
              "version": "1007-1004-1003-1001"
            },
            {
              "status": "affected",
              "version": "1008-1001-1003-1002"
            },
            {
              "status": "affected",
              "version": "1008-1004-1004-1001"
            },
            {
              "status": "affected",
              "version": "1008D-1003D-1004D-1002D"
            },
            {
              "status": "affected",
              "version": "1008J-1004J-1004J-1001J"
            },
            {
              "status": "affected",
              "version": "1009-1001-1004-1001"
            },
            {
              "status": "affected",
              "version": "1009-1002-1005-1003"
            },
            {
              "status": "affected",
              "version": "1009-1003-1005-1002"
            },
            {
              "status": "affected",
              "version": "1010-1001-1004-1001"
            },
            {
              "status": "affected",
              "version": "1010-1001-1004-1002"
            },
            {
              "status": "affected",
              "version": "1010-1003-1005-1002"
            },
            {
              "status": "affected",
              "version": "1010-1003-1006-1003"
            },
            {
              "status": "affected",
              "version": "1010-1003-1006-1004"
            },
            {
              "status": "affected",
              "version": "1010-1004-1007-1001"
            },
            {
              "status": "affected",
              "version": "1010J-1001J-1004J-1001J"
            },
            {
              "status": "affected",
              "version": "1010N-1003N-1005N-1002N"
            },
            {
              "status": "affected",
              "version": "1011-1001-1002A-1002"
            },
            {
              "status": "affected",
              "version": "1011-1001-1002D-1002"
            },
            {
              "status": "affected",
              "version": "1011-1001-1003-1002"
            },
            {
              "status": "affected",
              "version": "1011-1001-1004-1002"
            },
            {
              "status": "affected",
              "version": "1011-1001-1005-1002"
            },
            {
              "status": "affected",
              "version": "1011-1004-1005-1002"
            },
            {
              "status": "affected",
              "version": "1012-1001-1005-1002"
            },
            {
              "status": "affected",
              "version": "1012-1001-1005-1003"
            },
            {
              "status": "affected",
              "version": "1012-1001-1005PO-1002"
            },
            {
              "status": "affected",
              "version": "1012-1003-1007-1002"
            },
            {
              "status": "affected",
              "version": "1012-1003-1007-1004"
            },
            {
              "status": "affected",
              "version": "1013-1001-1005-1003"
            },
            {
              "status": "affected",
              "version": "1013-1002-1006-1002"
            },
            {
              "status": "affected",
              "version": "1013-1003-1008-1003"
            },
            {
              "status": "affected",
              "version": "1013-1004-1008-1004"
            },
            {
              "status": "affected",
              "version": "1013-1005-1005-1002"
            },
            {
              "status": "affected",
              "version": "1013-1005-1007-1002"
            },
            {
              "status": "affected",
              "version": "1013K-1005K-1007PO-1002K"
            },
            {
              "status": "affected",
              "version": "1014-1002-1006-1002"
            },
            {
              "status": "affected",
              "version": "1014-1002-1006-1003"
            },
            {
              "status": "affected",
              "version": "1014-1003-1008-1003"
            },
            {
              "status": "affected",
              "version": "1014-1005-1008-1002"
            },
            {
              "status": "affected",
              "version": "1014B-1002B-1006B-1002B"
            },
            {
              "status": "affected",
              "version": "1015-1001-1006-1003"
            },
            {
              "status": "affected",
              "version": "1015-1002-1006-1003"
            },
            {
              "status": "affected",
              "version": "1015-1002-1007-1002"
            },
            {
              "status": "affected",
              "version": "1015-1003-1008-1003"
            },
            {
              "status": "affected",
              "version": "1015-1005-1009-1004"
            },
            {
              "status": "affected",
              "version": "1015-1006-1004-1002"
            },
            {
              "status": "affected",
              "version": "1015-1006-1005-1002"
            },
            {
              "status": "affected",
              "version": "1015-1006-1008-1002"
            },
            {
              "status": "affected",
              "version": "1015C-1004C-1003C-1005C"
            },
            {
              "status": "affected",
              "version": "1015K-1006K-1008PO-1002K"
            },
            {
              "status": "affected",
              "version": "1016-1002-1007-1002"
            },
            {
              "status": "affected",
              "version": "1016-1006-1013-1002"
            },
            {
              "status": "affected",
              "version": "1016-1007-1009-1003"
            },
            {
              "status": "affected",
              "version": "1016-1007-1011-1003"
            },
            {
              "status": "affected",
              "version": "1017-1002-1007-1003"
            },
            {
              "status": "affected",
              "version": "1017-1003-1007-1003"
            },
            {
              "status": "affected",
              "version": "1017-1003-1009-1003"
            },
            {
              "status": "affected",
              "version": "1017-1005-1004-1005"
            },
            {
              "status": "affected",
              "version": "1017-1006-1013-1002"
            },
            {
              "status": "affected",
              "version": "1017-1013-1014-1005"
            },
            {
              "status": "affected",
              "version": "1018-1003-1005-1004"
            },
            {
              "status": "affected",
              "version": "1018-1003-1008-1003"
            },
            {
              "status": "affected",
              "version": "1018-1003-1008-1004"
            },
            {
              "status": "affected",
              "version": "1018-1003-1008PO-1003"
            },
            {
              "status": "affected",
              "version": "1018-1004-1005-1005"
            },
            {
              "status": "affected",
              "version": "1018-1007-1009-1003"
            },
            {
              "status": "affected",
              "version": "1018-1012-1011-1010"
            },
            {
              "status": "affected",
              "version": "1019-1004-1006-1005"
            },
            {
              "status": "affected",
              "version": "1019-1007-1009-1003"
            },
            {
              "status": "affected",
              "version": "1020-1003-1008-1003"
            },
            {
              "status": "affected",
              "version": "1020-1003-1008-1004"
            },
            {
              "status": "affected",
              "version": "1020-1004-1007-1006"
            },
            {
              "status": "affected",
              "version": "1020-1007-1008-1003"
            },
            {
              "status": "affected",
              "version": "1020-1007-1009-1003"
            },
            {
              "status": "affected",
              "version": "1021-1003-1008-1003"
            },
            {
              "status": "affected",
              "version": "1021-1003-1008-1004"
            },
            {
              "status": "affected",
              "version": "1021-1005-1006-1005"
            },
            {
              "status": "affected",
              "version": "1021-1005-1008-1006"
            },
            {
              "status": "affected",
              "version": "1021-1006-1015-1002"
            },
            {
              "status": "affected",
              "version": "1021-1007-1010-1003"
            },
            {
              "status": "affected",
              "version": "1022-1005-1007-1005"
            },
            {
              "status": "affected",
              "version": "1022-1005-1009-1007"
            },
            {
              "status": "affected",
              "version": "1022-1006-1015-1002"
            },
            {
              "status": "affected",
              "version": "1022-1013-1014-1010"
            },
            {
              "status": "affected",
              "version": "1022-1014-1016-1002-FFFF"
            },
            {
              "status": "affected",
              "version": "1022Y-1014Y-1016Y-1002Y-FFFF"
            },
            {
              "status": "affected",
              "version": "1023-1005-1008-1006"
            },
            {
              "status": "affected",
              "version": "1023-1007-1016-1003"
            },
            {
              "status": "affected",
              "version": "1024-1019-1019-1007"
            },
            {
              "status": "affected",
              "version": "1025-1006-1010-1007"
            },
            {
              "status": "affected",
              "version": "1025-1017-1017-1011"
            },
            {
              "status": "affected",
              "version": "1027-1007-1019-1003"
            },
            {
              "status": "affected",
              "version": "1027-1021-1021-1008"
            },
            {
              "status": "affected",
              "version": "1028-1021-1022-1008"
            },
            {
              "status": "affected",
              "version": "1031-1007-1022-1003"
            },
            {
              "status": "affected",
              "version": "1032-1022-1024-1008"
            },
            {
              "status": "affected",
              "version": "1033-1018-1021-1012"
            },
            {
              "status": "affected",
              "version": "1035-1005-1005-1004"
            },
            {
              "status": "affected",
              "version": "1035-1005-1005-1005"
            },
            {
              "status": "affected",
              "version": "1035-1005-1005-1005P"
            },
            {
              "status": "affected",
              "version": "1035-1007-1024-1003"
            },
            {
              "status": "affected",
              "version": "1035-1024-1025-1008"
            },
            {
              "status": "affected",
              "version": "1036-1005-1006-1005"
            },
            {
              "status": "affected",
              "version": "1036-1007-1024-1003"
            },
            {
              "status": "affected",
              "version": "1036-1014-1016-1016"
            },
            {
              "status": "affected",
              "version": "1037-1024-1027-1008"
            },
            {
              "status": "affected",
              "version": "1037-1025-1027-1008"
            },
            {
              "status": "affected",
              "version": "1038-1021-1024-1012"
            },
            {
              "status": "affected",
              "version": "1038-1021-1024-1012-A5"
            },
            {
              "status": "affected",
              "version": "1038-1025-1028-1008"
            },
            {
              "status": "affected",
              "version": "1039-1005-1008-1004"
            },
            {
              "status": "affected",
              "version": "1039-1005-1008-1005"
            },
            {
              "status": "affected",
              "version": "1039-1014-1017-1016"
            },
            {
              "status": "affected",
              "version": "1039D-1014D-1017D-1016D"
            },
            {
              "status": "affected",
              "version": "1040-1026-1029-1008"
            },
            {
              "status": "affected",
              "version": "1041-1005-1009-1005"
            },
            {
              "status": "affected",
              "version": "1042-1026-1030-1008"
            },
            {
              "status": "affected",
              "version": "1044-1026-1030-1008"
            },
            {
              "status": "affected",
              "version": "1044-1026-1031-1008"
            },
            {
              "status": "affected",
              "version": "1045-1015-1020-1018"
            },
            {
              "status": "affected",
              "version": "1046-1027-1032-1008"
            },
            {
              "status": "affected",
              "version": "1047-1027-1031-1008"
            },
            {
              "status": "affected",
              "version": "1049-1027-1033-1008"
            },
            {
              "status": "affected",
              "version": "1050-1027-1034-1008"
            },
            {
              "status": "affected",
              "version": "1050-1027-1036-1008"
            },
            {
              "status": "affected",
              "version": "1051-1027-1035-1008"
            },
            {
              "status": "affected",
              "version": "1051CZ-1028-1037-1008"
            },
            {
              "status": "affected",
              "version": "1052-1027-1034-1008"
            },
            {
              "status": "affected",
              "version": "1052-1028-1038-1008"
            },
            {
              "status": "affected",
              "version": "1052A-1028-1038A-1008"
            },
            {
              "status": "affected",
              "version": "1054-1027-1036-1008"
            },
            {
              "status": "affected",
              "version": "1054-1028-1036-1008"
            },
            {
              "status": "affected",
              "version": "1055-1028-1036-1008"
            },
            {
              "status": "affected",
              "version": "1056-1028-1037-1008"
            },
            {
              "status": "affected",
              "version": "1058-1028-1039-1008"
            },
            {
              "status": "affected",
              "version": "1062-1028-1041-1008"
            },
            {
              "status": "affected",
              "version": "1065-1029-1043-1008"
            },
            {
              "status": "affected",
              "version": "1068-1029-1043-1008"
            },
            {
              "status": "affected",
              "version": "1069-1029-1043-1008"
            },
            {
              "status": "affected",
              "version": "1071-1029-1044-1008"
            },
            {
              "status": "affected",
              "version": "1077-1017-1035-1007"
            },
            {
              "status": "affected",
              "version": "1077-1017-1035-1007-A6"
            },
            {
              "status": "affected",
              "version": "1077-1017-1035-1007-D4"
            },
            {
              "status": "affected",
              "version": "1077-1017-1035-1007-D705FF"
            },
            {
              "status": "affected",
              "version": "1078-1017-1036-1007"
            },
            {
              "status": "affected",
              "version": "1078-1017-1036-1007-A6"
            },
            {
              "status": "affected",
              "version": "1078-1017-1036-1007-D707FF"
            },
            {
              "status": "affected",
              "version": "1079-1017-1037-1007"
            },
            {
              "status": "affected",
              "version": "1079-1017-1037-1007-D4"
            },
            {
              "status": "affected",
              "version": "1W77-1W17-1W35-1W07-A6"
            },
            {
              "status": "affected",
              "version": "A077-1017-A035-1007"
            },
            {
              "status": "affected",
              "version": "A077-1017-A035-1007-A6"
            },
            {
              "status": "affected",
              "version": "A1035-1024-A1025-1008"
            },
            {
              "status": "affected",
              "version": "A1038-1025-A1028-1008-D4"
            },
            {
              "status": "affected",
              "version": "S681-S681-S681-S681"
            },
            {
              "status": "affected",
              "version": "S749-S749-S749-S749"
            },
            {
              "status": "affected",
              "version": "S818-S818-S818-S818"
            },
            {
              "status": "affected",
              "version": "S820-S820-S820-S820"
            },
            {
              "status": "affected",
              "version": "S823-S823-S823-S823"
            },
            {
              "status": "affected",
              "version": "S914V-S914V-S914V-S914V"
            },
            {
              "status": "affected",
              "version": "S984-S984-S984-S984"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Gergely Eberhardt (SEARCH-LAB.hu)"
        }
      ],
      "datePublic": "2016-10-11T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An authentication bypass vulnerability exists in AVTECH IP camera, DVR, and NVR devices\u2019 streamd web server. The strstr() function is used to identify \".cab\" requests, allowing any URL containing \".cab\" to bypass authentication and access protected endpoints."
            }
          ],
          "value": "An authentication bypass vulnerability exists in AVTECH IP camera, DVR, and NVR devices\u2019 streamd web server. The strstr() function is used to identify \".cab\" requests, allowing any URL containing \".cab\" to bypass authentication and access protected endpoints."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-115",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-115 Authentication Bypass"
            }
          ]
        },
        {
          "capecId": "CAPEC-137",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-137 Parameter Injection"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-290",
              "description": "CWE-290 Authentication Bypass by Spoofing",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-07T14:09:15.581Z",
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck"
      },
      "references": [
        {
          "tags": [
            "exploit"
          ],
          "url": "https://www.exploit-db.com/exploits/40500"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://avtech.com/"
        },
        {
          "tags": [
            "third-party-advisory",
            "technical-description"
          ],
          "url": "https://web.archive.org/web/20240810225729/https://www.search-lab.hu/advisories/126-AVTech-devices-multiple-vulnerabilities"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://web.archive.org/web/20161029201749/https://github.com/ebux/AVTECH"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vulncheck.com/advisories/avtech-ipcamera-nvr-dvr-mulitple-vulns"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "AVTECH IP camera, DVR, and NVR Devices Authentication Bypass via .cab Path Manipulation",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2025-34053",
    "datePublished": "2025-07-01T14:45:02.858Z",
    "dateReserved": "2025-04-15T19:15:22.548Z",
    "dateUpdated": "2026-04-07T14:09:15.581Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-32966 (GCVE-0-2025-32966)

Vulnerability from cvelistv5 – Published: 2025-04-23 15:21 – Updated: 2025-04-23 16:23
VLAI
Title
Dataease H2 JDBC Connection Remote Code Execution
Summary
DataEase is an open-source BI tool alternative to Tableau. Prior to version 2.10.8, authenticated users can complete RCE through the backend JDBC link. This issue has been patched in version 2.10.8.
SSVC
Exploitation: poc Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-290 - Authentication Bypass by Spoofing
Assigner
References
Impacted products
Vendor Product Version
dataease dataease Affected: < 2.10.8
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-32966",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-23T16:21:32.055432Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-23T16:23:29.128Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "dataease",
          "vendor": "dataease",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 2.10.8"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "DataEase is an open-source BI tool alternative to Tableau. Prior to version 2.10.8, authenticated users can complete RCE through the backend JDBC link. This issue has been patched in version 2.10.8."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "HIGH",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-290",
              "description": "CWE-290: Authentication Bypass by Spoofing",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-23T15:21:50.361Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/dataease/dataease/security/advisories/GHSA-h7hj-4j78-cvc7",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/dataease/dataease/security/advisories/GHSA-h7hj-4j78-cvc7"
        }
      ],
      "source": {
        "advisory": "GHSA-h7hj-4j78-cvc7",
        "discovery": "UNKNOWN"
      },
      "title": "Dataease H2 JDBC Connection Remote Code Execution"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-32966",
    "datePublished": "2025-04-23T15:21:50.361Z",
    "dateReserved": "2025-04-14T21:47:11.454Z",
    "dateUpdated": "2025-04-23T16:23:29.128Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-32788 (GCVE-0-2025-32788)

Vulnerability from cvelistv5 – Published: 2025-04-22 17:14 – Updated: 2025-04-25 16:03
VLAI
Title
OctoPrint Authenticated Reverse Proxy Page Authentication Bypass
Summary
OctoPrint provides a web interface for controlling consumer 3D printers. In versions up to and including 1.10.3, OctoPrint has a vulnerability that allows an attacker to bypass the login redirect and directly access the rendered HTML of certain frontend pages. The primary risk lies in potential future modifications to the codebase that might incorrectly rely on the vulnerable internal functions for authentication checks, leading to security vulnerabilities. This issue has been patched in version 1.11.0.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-290 - Authentication Bypass by Spoofing
Assigner
References
Impacted products
Vendor Product Version
OctoPrint OctoPrint Affected: < 1.11.0
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-32788",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-24T19:56:38.443886Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-25T16:03:30.506Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "OctoPrint",
          "vendor": "OctoPrint",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.11.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "OctoPrint provides a web interface for controlling consumer 3D printers. In versions up to and including 1.10.3, OctoPrint has a vulnerability that allows an attacker to bypass the login redirect and directly access the rendered HTML of certain frontend pages. The primary risk lies in potential future modifications to the codebase that might incorrectly rely on the vulnerable internal functions for authentication checks, leading to security vulnerabilities. This issue has been patched in version 1.11.0."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-290",
              "description": "CWE-290: Authentication Bypass by Spoofing",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-22T17:14:39.690Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-qw93-h6pf-226x",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-qw93-h6pf-226x"
        },
        {
          "name": "https://github.com/OctoPrint/OctoPrint/commit/41ff431014edfa18ca1a01897b10463934dc7fc2",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/OctoPrint/OctoPrint/commit/41ff431014edfa18ca1a01897b10463934dc7fc2"
        }
      ],
      "source": {
        "advisory": "GHSA-qw93-h6pf-226x",
        "discovery": "UNKNOWN"
      },
      "title": "OctoPrint Authenticated Reverse Proxy Page Authentication Bypass"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-32788",
    "datePublished": "2025-04-22T17:14:39.690Z",
    "dateReserved": "2025-04-10T12:51:12.280Z",
    "dateUpdated": "2025-04-25T16:03:30.506Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

No mitigation information available for this CWE.

CAPEC-21: Exploitation of Trusted Identifiers

An adversary guesses, obtains, or "rides" a trusted identifier (e.g. session ID, resource ID, cookie, etc.) to perform authorized actions under the guise of an authenticated user or service.

CAPEC-22: Exploiting Trust in Client

An attack of this type exploits vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by communicating directly with the server where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.

CAPEC-459: Creating a Rogue Certification Authority Certificate

An adversary exploits a weakness resulting from using a hashing algorithm with weak collision resistance to generate certificate signing requests (CSR) that contain collision blocks in their "to be signed" parts. The adversary submits one CSR to be signed by a trusted certificate authority then uses the signed blob to make a second certificate appear signed by said certificate authority. Due to the hash collision, both certificates, though different, hash to the same value and so the signed blob works just as well in the second certificate. The net effect is that the adversary's second X.509 certificate, which the Certification Authority has never seen, is now signed and validated by that Certification Authority.

CAPEC-461: Web Services API Signature Forgery Leveraging Hash Function Extension Weakness

An adversary utilizes a hash function extension/padding weakness, to modify the parameters passed to the web service requesting authentication by generating their own call in order to generate a legitimate signature hash (as described in the notes), without knowledge of the secret token sometimes provided by the web service.

CAPEC-473: Signature Spoof

An attacker generates a message or datablock that causes the recipient to believe that the message or datablock was generated and cryptographically signed by an authoritative or reputable source, misleading a victim or victim operating system into performing malicious actions.

CAPEC-476: Signature Spoofing by Misrepresentation

An attacker exploits a weakness in the parsing or display code of the recipient software to generate a data blob containing a supposedly valid signature, but the signer's identity is falsely represented, which can lead to the attacker manipulating the recipient software or its victim user to perform compromising actions.

CAPEC-59: Session Credential Falsification through Prediction

This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.

CAPEC-60: Reusing Session IDs (aka Session Replay)

This attack targets the reuse of valid session ID to spoof the target system in order to gain privileges. The attacker tries to reuse a stolen session ID used previously during a transaction to perform spoofing and session hijacking. Another name for this type of attack is Session Replay.

CAPEC-667: Bluetooth Impersonation AttackS (BIAS)

An adversary disguises the MAC address of their Bluetooth enabled device to one for which there exists an active and trusted connection and authenticates successfully. The adversary can then perform malicious actions on the target Bluetooth device depending on the target’s capabilities.

CAPEC-94: Adversary in the Middle (AiTM)

An adversary targets the communication between two components (typically client and server), in order to alter or obtain data from transactions. A general approach entails the adversary placing themself within the communication channel between the two components.