CWE-284
Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CVE-2025-14095 (GCVE-0-2025-14095)
Vulnerability from cvelistv5 – Published: 2025-12-17 11:45 – Updated: 2025-12-17 21:46
VLAI
Title
Privilege boundary violation in Radiometer Products
Summary
A "Privilege boundary violation" vulnerability is identified affecting multiple Radiometer Products. Exploitation of this vulnerability gives a user with physical access to the analyzer, the possibility to gain unauthorized access to functionalities outside the restricted environment. The vulnerability is due to weakness in the design of access control implementation in application software.
Other related CVE's are CVE-2025-14096 & CVE-2025-14097.
Affected customers have been informed about this vulnerability. This CVE is being published to provide transparency.
Required configuration for Exposure:
Physical access to the analyzer is needed.
Temporary work Around:
Only authorized people can physically access the analyzer.
Permanent solution:
Local Radiometer representatives will contact all affected customers to discuss a permanent solution.
Exploit Status:
Researchers have provided working proof-of-concept. Radiometer is not aware of any publicly available exploit at the time of publication. Note:
CVSS score 6.8 when underlying OS is Windows 7 or Windows XP Operating systems and CVSS score 5.7 when underlying OS is Windows 8 or Windows 10 operating systems.
Severity
6.8 (Medium)
5.7 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
1 reference
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| Radiometer Medical Aps | ABL90 FLEX and ABL90 FLEX PLUS Analyzers |
Affected:
All application software versions with Windows 7, Windows XP as underlying OS
(ABL90 DMS(Data Management System) Application)
Affected: Application software versions < 3.5MR11 with Windows 10 as underlying OS |
|
| Radiometer Medical Aps | AQT90 FLEX Analyzers |
Affected:
All Application software versions <= 8.13 MR2
(AQT90 DMS(Data Management System) Application)
|
|
| Radiometer Medical Aps | ABL800 BASIC and ABL800 FLEX Analyzers |
Affected:
Application software versions < 6.20 MR2 with Windows 7, Windows XP as underlying OS
(ABL800 DMS(Data Management System))
Affected: Application software versions < 6.20 MR2 with Windows 10 as underlying OS (ABL800 DMS(Data Management System)) |
|
| Radiometer Medical Aps | ABL9 Analyzers |
Affected:
Application software versions < 1.5.0
(CABO application)
|
Date Public
2025-11-04 12:30
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-14095",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-17T21:46:47.889591Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-17T21:46:57.088Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ABL90 FLEX and ABL90 FLEX PLUS Analyzers",
"vendor": "Radiometer Medical Aps",
"versions": [
{
"status": "affected",
"version": "All application software versions with Windows 7, Windows XP as underlying OS",
"versionType": "ABL90 DMS(Data Management System) Application"
},
{
"status": "affected",
"version": "Application software versions \u003c 3.5MR11 with Windows 10 as underlying OS"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AQT90 FLEX Analyzers",
"vendor": "Radiometer Medical Aps",
"versions": [
{
"status": "affected",
"version": "All Application software versions \u003c= 8.13 MR2",
"versionType": "AQT90 DMS(Data Management System) Application"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ABL800 BASIC and ABL800 FLEX Analyzers",
"vendor": "Radiometer Medical Aps",
"versions": [
{
"status": "affected",
"version": "Application software versions \u003c 6.20 MR2 with Windows 7, Windows XP as underlying OS",
"versionType": "ABL800 DMS(Data Management System)"
},
{
"status": "affected",
"version": "Application software versions \u003c 6.20 MR2 with Windows 10 as underlying OS",
"versionType": "ABL800 DMS(Data Management System)"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ABL9 Analyzers",
"vendor": "Radiometer Medical Aps",
"versions": [
{
"status": "affected",
"version": "Application software versions \u003c 1.5.0",
"versionType": "CABO application"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Physical access to the analyzer is needed\n\n\u003cbr\u003e"
}
],
"value": "Physical access to the analyzer is needed"
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Florian Hauser and Fabian Weber from CODE WHITE GmbH"
}
],
"datePublic": "2025-11-04T12:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA \"Privilege boundary violation\" vulnerability is identified affecting multiple Radiometer Products. Exploitation of this vulnerability gives a user with physical access to the analyzer, the possibility to gain unauthorized access to functionalities outside the restricted environment. The vulnerability is due to weakness in the design of access control implementation in application software.\u0026nbsp;\u003cbr\u003e\u003cbr\u003eOther related CVE\u0027s are CVE-2025-14096 \u0026amp; CVE-2025-14097.\u003cbr\u003e\u003cbr\u003eAffected customers have been informed about this vulnerability. This CVE is being published to provide transparency.\u003cbr\u003e\u003cbr\u003eRequired configuration for Exposure:\u003cbr\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePhysical access to the analyzer is needed.\u003cbr\u003e\u003c/span\u003e\u003cbr\u003eTemporary work Around:\u003cbr\u003e\n\nOnly authorized people can physically access the analyzer. \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cbr\u003e\u003cbr\u003ePermanent solution:\u003cbr\u003e\u003c/span\u003eLocal Radiometer representatives will contact all affected customers to discuss a permanent solution.\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cbr\u003e\u003cbr\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eExploit Status:\u003cbr\u003eResearchers have provided working proof-of-concept. Radiometer is not aware of any publicly available exploit at the time of publication.\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Note: \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCVSS score 6.8 when underlying OS is Windows 7 or Windows XP Operating systems\u003c/span\u003e\u0026nbsp;and CVSS score 5.7 when underlying OS is Windows 8 or Windows 10 operating systems.\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e\u003c/span\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "A \"Privilege boundary violation\" vulnerability is identified affecting multiple Radiometer Products. Exploitation of this vulnerability gives a user with physical access to the analyzer, the possibility to gain unauthorized access to functionalities outside the restricted environment. The vulnerability is due to weakness in the design of access control implementation in application software.\u00a0\n\nOther related CVE\u0027s are CVE-2025-14096 \u0026 CVE-2025-14097.\n\nAffected customers have been informed about this vulnerability. This CVE is being published to provide transparency.\n\nRequired configuration for Exposure:\n\n\nPhysical access to the analyzer is needed.\n\nTemporary work Around:\n\n\nOnly authorized people can physically access the analyzer. \n\nPermanent solution:\nLocal Radiometer representatives will contact all affected customers to discuss a permanent solution.\n\n\n\nExploit Status:\nResearchers have provided working proof-of-concept. Radiometer is not aware of any publicly available exploit at the time of publication.\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 Note: \n\nCVSS score 6.8 when underlying OS is Windows 7 or Windows XP Operating systems\u00a0and CVSS score 5.7 when underlying OS is Windows 8 or Windows 10 operating systems."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Researchers have provided working proof-of-concept. Radiometer is not aware of any publicly available exploit at the time of publication.\n\n\u003cbr\u003e"
}
],
"value": "Researchers have provided working proof-of-concept. Radiometer is not aware of any publicly available exploit at the time of publication."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233: Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "When underlying OS is Windows7 or WinXp"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "When underlying OS is Win8, Win10"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-693",
"description": "CWE-693 \u2014 Protection Mechanism Failure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-17T14:07:28.754Z",
"orgId": "46b595e9-1acc-41cb-9398-adaf98d37a9b",
"shortName": "Radiometer"
},
"references": [
{
"url": "https://www.radiometer.com/myradiometer"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Local Radiometer representatives will contact all affected customers to discuss a permanent solution.\n\n\n\n\u003cbr\u003e"
}
],
"value": "Local Radiometer representatives will contact all affected customers to discuss a permanent solution."
}
],
"source": {
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2025-12-17T12:55:00.000Z",
"value": "CVE published"
}
],
"title": "Privilege boundary violation in Radiometer Products",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Only authorized people can physically access the analyzer.\n\n\n\n\u003cbr\u003e"
}
],
"value": "Only authorized people can physically access the analyzer."
}
],
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "46b595e9-1acc-41cb-9398-adaf98d37a9b",
"assignerShortName": "Radiometer",
"cveId": "CVE-2025-14095",
"datePublished": "2025-12-17T11:45:43.341Z",
"dateReserved": "2025-12-05T10:49:53.501Z",
"dateUpdated": "2025-12-17T21:46:57.088Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-14195 (GCVE-0-2025-14195)
Vulnerability from cvelistv5 – Published: 2025-12-07 15:02 – Updated: 2026-02-24 05:42 X_Freeware
VLAI
Title
code-projects Employee Profile Management System add_file_query.php unrestricted upload
Summary
A security flaw has been discovered in code-projects Employee Profile Management System 1.0. Impacted is an unknown function of the file /profiling/add_file_query.php. The manipulation of the argument per_file results in unrestricted upload. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.334615 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.334615 | signaturepermissions-required |
| https://vuldb.com/?submit.699247 | third-party-advisory |
| https://github.com/shenxianyuguitian/employee-man… | exploit |
| https://code-projects.org/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| code-projects | Employee Profile Management System |
Affected:
1.0
cpe:2.3:a:code-projects:employee_profile_management_system:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-14195",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-08T15:55:39.741575Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-08T15:55:52.520Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:code-projects:employee_profile_management_system:*:*:*:*:*:*:*:*"
],
"product": "Employee Profile Management System",
"vendor": "code-projects",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "xuanyuesanshi (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security flaw has been discovered in code-projects Employee Profile Management System 1.0. Impacted is an unknown function of the file /profiling/add_file_query.php. The manipulation of the argument per_file results in unrestricted upload. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "Unrestricted Upload",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "Improper Access Controls",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-24T05:42:38.842Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-334615 | code-projects Employee Profile Management System add_file_query.php unrestricted upload",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.334615"
},
{
"name": "VDB-334615 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.334615"
},
{
"name": "Submit #699247 | code-projects Employee Profile Management System published November 15, 2025 Unrestricted Upload",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.699247"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/shenxianyuguitian/employee-management-UFU"
},
{
"tags": [
"product"
],
"url": "https://code-projects.org/"
}
],
"tags": [
"x_freeware"
],
"timeline": [
{
"lang": "en",
"time": "2025-12-06T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-12-06T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-12-11T05:04:59.000Z",
"value": "VulDB entry last update"
}
],
"title": "code-projects Employee Profile Management System add_file_query.php unrestricted upload"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-14195",
"datePublished": "2025-12-07T15:02:05.771Z",
"dateReserved": "2025-12-06T17:22:02.799Z",
"dateUpdated": "2026-02-24T05:42:38.842Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-14197 (GCVE-0-2025-14197)
Vulnerability from cvelistv5 – Published: 2025-12-07 16:02 – Updated: 2025-12-08 15:54
VLAI
Title
Verysync 微力同步 Web Administration f96956469e7be39d information disclosure
Summary
A security vulnerability has been detected in Verysync 微力同步 up to 2.21.3. The impacted element is an unknown function of the file /rest/f/api/resources/f96956469e7be39d of the component Web Administration Module. Such manipulation leads to information disclosure. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.334617 | vdb-entry |
| https://vuldb.com/?ctiid.334617 | signaturepermissions-required |
| https://vuldb.com/?submit.699498 | third-party-advisory |
| https://vuldb.com/?submit.699537 | third-party-advisory |
| https://github.com/jjjjj-zr/jjjjjzr/issues/6 | issue-tracking |
| https://github.com/jjjjj-zr/jjjjjzr/issues/8 | exploitissue-tracking |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-14197",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-08T15:53:57.568409Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-08T15:54:26.227Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Web Administration Module"
],
"product": "\u5fae\u529b\u540c\u6b65",
"vendor": "Verysync",
"versions": [
{
"status": "affected",
"version": "2.21.0"
},
{
"status": "affected",
"version": "2.21.1"
},
{
"status": "affected",
"version": "2.21.2"
},
{
"status": "affected",
"version": "2.21.3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "jjjjjzr (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability has been detected in Verysync \u5fae\u529b\u540c\u6b65 up to 2.21.3. The impacted element is an unknown function of the file /rest/f/api/resources/f96956469e7be39d of the component Web Administration Module. Such manipulation leads to information disclosure. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "Information Disclosure",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "Improper Access Controls",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-07T16:02:05.996Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-334617 | Verysync \u5fae\u529b\u540c\u6b65 Web Administration f96956469e7be39d information disclosure",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.334617"
},
{
"name": "VDB-334617 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.334617"
},
{
"name": "Submit #699498 | Beijing Weili Digital Technology Co., Ltd \u5fae\u529b\u540c\u6b65 v2.21.3 Unauthorized Access",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.699498"
},
{
"name": "Submit #699537 | Beijing Weili Digital Technology Co., Ltd \u5fae\u529b\u540c\u6b65 v2.21.3 Arbitrary File Read (Duplicate)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.699537"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/jjjjj-zr/jjjjjzr/issues/6"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/jjjjj-zr/jjjjjzr/issues/8"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-06T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-12-06T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-12-06T18:39:20.000Z",
"value": "VulDB entry last update"
}
],
"title": "Verysync \u5fae\u529b\u540c\u6b65 Web Administration f96956469e7be39d information disclosure"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-14197",
"datePublished": "2025-12-07T16:02:05.996Z",
"dateReserved": "2025-12-06T17:34:10.995Z",
"dateUpdated": "2025-12-08T15:54:26.227Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-14198 (GCVE-0-2025-14198)
Vulnerability from cvelistv5 – Published: 2025-12-07 16:32 – Updated: 2025-12-08 17:12
VLAI
Title
Verysync 微力同步 Web Administration download information disclosure
Summary
A vulnerability was detected in Verysync 微力同步 2.21.3. This affects an unknown function of the file /safebrowsing/clientreport/download?key=dummytoken of the component Web Administration Module. Performing manipulation results in information disclosure. The attack is possible to be carried out remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.334618 | vdb-entry |
| https://vuldb.com/?ctiid.334618 | signaturepermissions-required |
| https://vuldb.com/?submit.699533 | third-party-advisory |
| https://github.com/jjjjj-zr/jjjjjzr/issues/7 | exploitissue-tracking |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-14198",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-08T17:03:03.743390Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-08T17:12:34.833Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/jjjjj-zr/jjjjjzr/issues/7"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Web Administration Module"
],
"product": "\u5fae\u529b\u540c\u6b65",
"vendor": "Verysync",
"versions": [
{
"status": "affected",
"version": "2.21.3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "jjjjjzr (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was detected in Verysync \u5fae\u529b\u540c\u6b65 2.21.3. This affects an unknown function of the file /safebrowsing/clientreport/download?key=dummytoken of the component Web Administration Module. Performing manipulation results in information disclosure. The attack is possible to be carried out remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "Information Disclosure",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "Improper Access Controls",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-07T16:32:06.232Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-334618 | Verysync \u5fae\u529b\u540c\u6b65 Web Administration download information disclosure",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.334618"
},
{
"name": "VDB-334618 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.334618"
},
{
"name": "Submit #699533 | Beijing Weili Digital Technology Co., Ltd \u5fae\u529b\u540c\u6b65 v2.21.3 Download any file",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.699533"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/jjjjj-zr/jjjjjzr/issues/7"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-06T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-12-06T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-12-06T18:39:36.000Z",
"value": "VulDB entry last update"
}
],
"title": "Verysync \u5fae\u529b\u540c\u6b65 Web Administration download information disclosure"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-14198",
"datePublished": "2025-12-07T16:32:06.232Z",
"dateReserved": "2025-12-06T17:34:31.891Z",
"dateUpdated": "2025-12-08T17:12:34.833Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-14199 (GCVE-0-2025-14199)
Vulnerability from cvelistv5 – Published: 2025-12-07 17:02 – Updated: 2025-12-08 17:12
VLAI
Title
Verysync 微力同步 Web Administration text.txt unrestricted upload
Summary
A flaw has been found in Verysync 微力同步 up to 2.21.3. This impacts an unknown function of the file /rest/f/api/resources/f96956469e7be39d/tmp/text.txt?override=false of the component Web Administration Module. Executing manipulation can lead to unrestricted upload. The attack may be performed from remote. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.334619 | vdb-entry |
| https://vuldb.com/?ctiid.334619 | signaturepermissions-required |
| https://vuldb.com/?submit.699539 | third-party-advisory |
| https://github.com/jjjjj-zr/jjjjjzr/issues/10 | exploitissue-tracking |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-14199",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-08T17:02:56.716406Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-08T17:12:27.191Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/jjjjj-zr/jjjjjzr/issues/10"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Web Administration Module"
],
"product": "\u5fae\u529b\u540c\u6b65",
"vendor": "Verysync",
"versions": [
{
"status": "affected",
"version": "2.21.0"
},
{
"status": "affected",
"version": "2.21.1"
},
{
"status": "affected",
"version": "2.21.2"
},
{
"status": "affected",
"version": "2.21.3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "jjjjjzr (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw has been found in Verysync \u5fae\u529b\u540c\u6b65 up to 2.21.3. This impacts an unknown function of the file /rest/f/api/resources/f96956469e7be39d/tmp/text.txt?override=false of the component Web Administration Module. Executing manipulation can lead to unrestricted upload. The attack may be performed from remote. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "Unrestricted Upload",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "Improper Access Controls",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-07T17:02:06.806Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-334619 | Verysync \u5fae\u529b\u540c\u6b65 Web Administration text.txt unrestricted upload",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.334619"
},
{
"name": "VDB-334619 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.334619"
},
{
"name": "Submit #699539 | Beijing Weili Digital Technology Co., Ltd \u5fae\u529b\u540c\u6b65 v2.21.3 Upload Any File",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.699539"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/jjjjj-zr/jjjjjzr/issues/10"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-06T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-12-06T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-12-06T18:39:40.000Z",
"value": "VulDB entry last update"
}
],
"title": "Verysync \u5fae\u529b\u540c\u6b65 Web Administration text.txt unrestricted upload"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-14199",
"datePublished": "2025-12-07T17:02:06.806Z",
"dateReserved": "2025-12-06T17:34:34.823Z",
"dateUpdated": "2025-12-08T17:12:27.191Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-14219 (GCVE-0-2025-14219)
Vulnerability from cvelistv5 – Published: 2025-12-08 06:02 – Updated: 2026-02-24 05:44 X_Freeware
VLAI
Title
Campcodes Retro Basketball Shoes Online Store admin_running.php unrestricted upload
Summary
A weakness has been identified in Campcodes Retro Basketball Shoes Online Store 1.0. The impacted element is an unknown function of the file /admin/admin_running.php. Executing a manipulation of the argument product_image can lead to unrestricted upload. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.334661 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.334661 | signaturepermissions-required |
| https://vuldb.com/?submit.701209 | third-party-advisory |
| https://github.com/yyue02/cve/issues/1 | exploitissue-tracking |
| https://www.campcodes.com/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Campcodes | Retro Basketball Shoes Online Store |
Affected:
1.0
cpe:2.3:a:campcodes:retro_basketball_shoes_online_store:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-14219",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-08T17:01:15.381734Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-08T17:11:22.892Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/yyue02/cve/issues/1"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:campcodes:retro_basketball_shoes_online_store:*:*:*:*:*:*:*:*"
],
"product": "Retro Basketball Shoes Online Store",
"vendor": "Campcodes",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Yueyue (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A weakness has been identified in Campcodes Retro Basketball Shoes Online Store 1.0. The impacted element is an unknown function of the file /admin/admin_running.php. Executing a manipulation of the argument product_image can lead to unrestricted upload. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5.8,
"vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "Unrestricted Upload",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "Improper Access Controls",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-24T05:44:07.983Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-334661 | Campcodes Retro Basketball Shoes Online Store admin_running.php unrestricted upload",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.334661"
},
{
"name": "VDB-334661 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.334661"
},
{
"name": "Submit #701209 | Campcodes Retro Basketball Shoes Online Store V1.0 Unrestricted Upload",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.701209"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/yyue02/cve/issues/1"
},
{
"tags": [
"product"
],
"url": "https://www.campcodes.com/"
}
],
"tags": [
"x_freeware"
],
"timeline": [
{
"lang": "en",
"time": "2025-12-07T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-12-07T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-12-11T05:04:59.000Z",
"value": "VulDB entry last update"
}
],
"title": "Campcodes Retro Basketball Shoes Online Store admin_running.php unrestricted upload"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-14219",
"datePublished": "2025-12-08T06:02:07.585Z",
"dateReserved": "2025-12-07T15:20:11.868Z",
"dateUpdated": "2026-02-24T05:44:07.983Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-14286 (GCVE-0-2025-14286)
Vulnerability from cvelistv5 – Published: 2025-12-09 01:32 – Updated: 2026-02-24 05:45
VLAI
Title
Tenda AC9 Configuration File DownloadCfg.jpg information disclosure
Summary
A vulnerability was determined in Tenda AC9 15.03.05.14_multi. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/DownloadCfg.jpg of the component Configuration File Handler. This manipulation causes information disclosure. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.334874 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.334874 | signaturepermissions-required |
| https://vuldb.com/?submit.702723 | third-party-advisory |
| https://github.com/Madgeaaaaa/MY_VULN_2/blob/main… | exploit |
| https://www.tenda.com.cn/ | product |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-14286",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-09T14:35:32.257434Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-09T16:03:13.496Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/Madgeaaaaa/MY_VULN_2/blob/main/Tenda/VULN11.md"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:o:tenda:ac9_firmware:*:*:*:*:*:*:*:*"
],
"modules": [
"Configuration File Handler"
],
"product": "AC9",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "15.03.05.14_multi"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "jiahui2888 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was determined in Tenda AC9 15.03.05.14_multi. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/DownloadCfg.jpg of the component Configuration File Handler. This manipulation causes information disclosure. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:W/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:W/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:W/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "Information Disclosure",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "Improper Access Controls",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-24T05:45:24.166Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-334874 | Tenda AC9 Configuration File DownloadCfg.jpg information disclosure",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.334874"
},
{
"name": "VDB-334874 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.334874"
},
{
"name": "Submit #702723 | Tenda AC9 V1.0 V15.03.05.14_multi Information Disclosure",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.702723"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/Madgeaaaaa/MY_VULN_2/blob/main/Tenda/VULN11.md"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-08T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-12-08T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-12-12T08:32:52.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda AC9 Configuration File DownloadCfg.jpg information disclosure"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-14286",
"datePublished": "2025-12-09T01:32:07.198Z",
"dateReserved": "2025-12-08T18:49:39.958Z",
"dateUpdated": "2026-02-24T05:45:24.166Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-14338 (GCVE-0-2025-14338)
Vulnerability from cvelistv5 – Published: 2026-01-14 11:55 – Updated: 2026-01-14 14:53
VLAI
Title
Polkit authentication dis isabled by default in inputplumber
Summary
Polkit authentication dis isabled by default and a race
condition in the Polkit authorization check in versions before v0.69.0 can
lead to the same issues as in CVE-2025-66005.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-284 - Improper Access Control
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| https://github.com/ShadowBlip | inputplumber |
Affected:
? , < 0.63.0
(semver)
|
Date Public
2026-01-09 09:04
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-14338",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-14T14:53:35.423022Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T14:53:44.027Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "inputplumber",
"product": "inputplumber",
"vendor": "https://github.com/ShadowBlip",
"versions": [
{
"lessThan": "0.63.0",
"status": "affected",
"version": "?",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Matthias Gerstner of SUSE"
}
],
"datePublic": "2026-01-09T09:04:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Polkit authentication dis isabled by default and a race\ncondition in the Polkit authorization check in versions before v0.69.0 can\nlead to the same issues as in CVE-2025-66005.\u003cbr\u003e"
}
],
"value": "Polkit authentication dis isabled by default and a race\ncondition in the Polkit authorization check in versions before v0.69.0 can\nlead to the same issues as in CVE-2025-66005."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T11:55:31.845Z",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-14338"
},
{
"url": "https://security.opensuse.org/2026/01/09/inputplumber-lack-of-dbus-auth.html"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Polkit authentication dis isabled by default in inputplumber",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2025-14338",
"datePublished": "2026-01-14T11:55:31.845Z",
"dateReserved": "2025-12-09T14:05:15.608Z",
"dateUpdated": "2026-01-14T14:53:44.027Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-14522 (GCVE-0-2025-14522)
Vulnerability from cvelistv5 – Published: 2025-12-11 16:02 – Updated: 2025-12-11 16:20
VLAI
Title
baowzh hfly upload_json.php unrestricted upload
Summary
A vulnerability was detected in baowzh hfly up to 638ff9abe9078bc977c132b37acbe1900b63491c. The impacted element is an unknown function of the file /Public/Kindeditor/php/upload_json.php. Performing manipulation of the argument imgFile results in unrestricted upload. It is possible to initiate the attack remotely. The exploit is now public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.335860 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.335860 | signaturepermissions-required |
| https://vuldb.com/?submit.702950 | third-party-advisory |
| https://github.com/Xor-Gerke/webray.com.cn/blob/m… | broken-linkexploit |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-14522",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-11T16:19:29.939561Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-11T16:20:48.865Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "hfly",
"vendor": "baowzh",
"versions": [
{
"status": "affected",
"version": "638ff9abe9078bc977c132b37acbe1900b63491c"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "webray.com.cn (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was detected in baowzh hfly up to 638ff9abe9078bc977c132b37acbe1900b63491c. The impacted element is an unknown function of the file /Public/Kindeditor/php/upload_json.php. Performing manipulation of the argument imgFile results in unrestricted upload. It is possible to initiate the attack remotely. The exploit is now public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "Unrestricted Upload",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "Improper Access Controls",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-11T16:02:17.031Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-335860 | baowzh hfly upload_json.php unrestricted upload",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.335860"
},
{
"name": "VDB-335860 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.335860"
},
{
"name": "Submit #702950 | GitHub hfly 1.0 Stored Cross-Site Scripting",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.702950"
},
{
"tags": [
"broken-link",
"exploit"
],
"url": "https://github.com/Xor-Gerke/webray.com.cn/blob/main/cve/PHP-based%20travel%20website-CMS/PHP-based%20travel%20website-CMS%20upload_json.php%20imgFile%20XSS-File-Upload.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-11T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-12-11T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-12-11T08:05:55.000Z",
"value": "VulDB entry last update"
}
],
"title": "baowzh hfly upload_json.php unrestricted upload"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-14522",
"datePublished": "2025-12-11T16:02:17.031Z",
"dateReserved": "2025-12-11T07:00:46.142Z",
"dateUpdated": "2025-12-11T16:20:48.865Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-14528 (GCVE-0-2025-14528)
Vulnerability from cvelistv5 – Published: 2025-12-11 17:02 – Updated: 2025-12-11 19:36 Unsupported When Assigned
VLAI
Title
D-Link DIR-803 Configuration getcfg.php information disclosure
Summary
A vulnerability was detected in D-Link DIR-803 up to 1.04. Impacted is an unknown function of the file /getcfg.php of the component Configuration Handler. The manipulation of the argument AUTHORIZED_GROUP results in information disclosure. The attack may be performed from remote. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.335869 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.335869 | signaturepermissions-required |
| https://vuldb.com/?submit.703150 | third-party-advisory |
| https://github.com/Madgeaaaaa/MY_VULN_2/blob/main… | broken-link |
| https://github.com/Madgeaaaaa/MY_VULN_2/blob/main… | exploit |
| https://www.dlink.com/ | product |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-14528",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-11T19:19:47.874510Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-11T19:36:04.774Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/Madgeaaaaa/MY_VULN_2/blob/main/D-Link/vuln-2/DIR-803%20Authentication%20Bypass.md#poc"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/Madgeaaaaa/MY_VULN_2/blob/main/D-Link/vuln-2/DIR-803%20Authentication%20Bypass.md"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Configuration Handler"
],
"product": "DIR-803",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "1.04"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "jiahui2888 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was detected in D-Link DIR-803 up to 1.04. Impacted is an unknown function of the file /getcfg.php of the component Configuration Handler. The manipulation of the argument AUTHORIZED_GROUP results in information disclosure. The attack may be performed from remote. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the maintainer."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:W/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:W/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:W/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "Information Disclosure",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "Improper Access Controls",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-11T17:02:15.495Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-335869 | D-Link DIR-803 Configuration getcfg.php information disclosure",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.335869"
},
{
"name": "VDB-335869 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.335869"
},
{
"name": "Submit #703150 | D-Link DIR-803 1.04 and earlier Authorization Bypass",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.703150"
},
{
"tags": [
"broken-link"
],
"url": "https://github.com/Madgeaaaaa/MY_VULN_2/blob/main/D-Link/vuln-2/DIR-803%20Authentication%20Bypass.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/Madgeaaaaa/MY_VULN_2/blob/main/D-Link/vuln-2/DIR-803%20Authentication%20Bypass.md#poc"
},
{
"tags": [
"product"
],
"url": "https://www.dlink.com/"
}
],
"tags": [
"unsupported-when-assigned"
],
"timeline": [
{
"lang": "en",
"time": "2025-12-11T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-12-11T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-12-11T09:45:15.000Z",
"value": "VulDB entry last update"
}
],
"title": "D-Link DIR-803 Configuration getcfg.php information disclosure"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-14528",
"datePublished": "2025-12-11T17:02:15.495Z",
"dateReserved": "2025-12-11T08:40:04.683Z",
"dateUpdated": "2025-12-11T19:36:04.774Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation ID: MIT-1
Phases: Architecture and Design, Operation
Description:
- Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.
Mitigation ID: MIT-46
Phase: Architecture and Design
Strategy: Separation of Privilege
Description:
- Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
- Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges.
CAPEC-19: Embedding Scripts within Scripts
An adversary leverages the capability to execute their own script by embedding it within other scripts that the target software is likely to execute due to programs' vulnerabilities that are brought on by allowing remote hosts to execute scripts.
CAPEC-441: Malicious Logic Insertion
An adversary installs or adds malicious logic (also known as malware) into a seemingly benign component of a fielded system. This logic is often hidden from the user of the system and works behind the scenes to achieve negative impacts. With the proliferation of mass digital storage and inexpensive multimedia devices, Bluetooth and 802.11 support, new attack vectors for spreading malware are emerging for things we once thought of as innocuous greeting cards, picture frames, or digital projectors. This pattern of attack focuses on systems already fielded and used in operation as opposed to systems and their components that are still under development and part of the supply chain.
CAPEC-478: Modification of Windows Service Configuration
An adversary exploits a weakness in access control to modify the execution parameters of a Windows service. The goal of this attack is to execute a malicious binary in place of an existing service.
CAPEC-479: Malicious Root Certificate
An adversary exploits a weakness in authorization and installs a new root certificate on a compromised system. Certificates are commonly used for establishing secure TLS/SSL communications within a web browser. When a user attempts to browse a website that presents a certificate that is not trusted an error message will be displayed to warn the user of the security risk. Depending on the security settings, the browser may not allow the user to establish a connection to the website. Adversaries have used this technique to avoid security warnings prompting users when compromised systems connect over HTTPS to adversary controlled web servers that spoof legitimate websites in order to collect login credentials.
CAPEC-502: Intent Spoof
An adversary, through a previously installed malicious application, issues an intent directed toward a specific trusted application's component in an attempt to achieve a variety of different objectives including modification of data, information disclosure, and data injection. Components that have been unintentionally exported and made public are subject to this type of an attack. If the component trusts the intent's action without verififcation, then the target application performs the functionality at the adversary's request, helping the adversary achieve the desired negative technical impact.
CAPEC-503: WebView Exposure
An adversary, through a malicious web page, accesses application specific functionality by leveraging interfaces registered through WebView's addJavascriptInterface API. Once an interface is registered to WebView through addJavascriptInterface, it becomes global and all pages loaded in the WebView can call this interface.
CAPEC-536: Data Injected During Configuration
An attacker with access to data files and processes on a victim's system injects malicious data into critical operational data during configuration or recalibration, causing the victim's system to perform in a suboptimal manner that benefits the adversary.
CAPEC-546: Incomplete Data Deletion in a Multi-Tenant Environment
An adversary obtains unauthorized information due to insecure or incomplete data deletion in a multi-tenant environment. If a cloud provider fails to completely delete storage and data from former cloud tenants' systems/resources, once these resources are allocated to new, potentially malicious tenants, the latter can probe the provided resources for sensitive information still there.
CAPEC-550: Install New Service
When an operating system starts, it also starts programs called services or daemons. Adversaries may install a new service which will be executed at startup (on a Windows system, by modifying the registry). The service name may be disguised by using a name from a related operating system or benign software. Services are usually run with elevated privileges.
CAPEC-551: Modify Existing Service
When an operating system starts, it also starts programs called services or daemons. Modifying existing services may break existing services or may enable services that are disabled/not commonly used.
CAPEC-552: Install Rootkit
An adversary exploits a weakness in authentication to install malware that alters the functionality and information provide by targeted operating system API calls. Often referred to as rootkits, it is often used to hide the presence of programs, files, network connections, services, drivers, and other system components.
CAPEC-556: Replace File Extension Handlers
When a file is opened, its file handler is checked to determine which program opens the file. File handlers are configuration properties of many operating systems. Applications can modify the file handler for a given file extension to call an arbitrary program when a file with the given extension is opened.
CAPEC-558: Replace Trusted Executable
An adversary exploits weaknesses in privilege management or access control to replace a trusted executable with a malicious version and enable the execution of malware when that trusted executable is called.
CAPEC-562: Modify Shared File
An adversary manipulates the files in a shared location by adding malicious programs, scripts, or exploit code to valid content. Once a user opens the shared content, the tainted content is executed.
CAPEC-563: Add Malicious File to Shared Webroot
An adversaries may add malicious content to a website through the open file share and then browse to that content with a web browser to cause the server to execute the content. The malicious content will typically run under the context and permissions of the web server process, often resulting in local system or administrative privileges depending on how the web server is configured.
CAPEC-564: Run Software at Logon
Operating system allows logon scripts to be run whenever a specific user or users logon to a system. If adversaries can access these scripts, they may insert additional code into the logon script. This code can allow them to maintain persistence or move laterally within an enclave because it is executed every time the affected user or users logon to a computer. Modifying logon scripts can effectively bypass workstation and enclave firewalls. Depending on the access configuration of the logon scripts, either local credentials or a remote administrative account may be necessary.
CAPEC-578: Disable Security Software
An adversary exploits a weakness in access control to disable security tools so that detection does not occur. This can take the form of killing processes, deleting registry keys so that tools do not start at run time, deleting log files, or other methods.