CWE-288
Authentication Bypass Using an Alternate Path or Channel
The product requires authentication, but the product has an alternate path or channel that does not require authentication.
CVE-2025-0181 (GCVE-0-2025-0181)
Vulnerability from cvelistv5 – Published: 2025-02-11 06:54 – Updated: 2026-04-08 17:26
VLAI
Title
WP Foodbakery <= 4.8 - Authentication Bypass in foodbakery_parse_request
Summary
The WP Foodbakery plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.8. This is due to the plugin not properly validating a user's identity prior to setting the current user and their authentication cookie. This makes it possible for unauthenticated attackers to gain access to a target user's (e.g. administrators) account.
Severity
9.8 (Critical)
CWE
- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Chimpstudio | WP Foodbakery |
Affected:
0 , ≤ 4.8
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0181",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-11T15:27:29.543559Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-11T15:27:43.777Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WP Foodbakery",
"vendor": "Chimpstudio",
"versions": [
{
"lessThanOrEqual": "4.8",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Tonn"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WP Foodbakery plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.8. This is due to the plugin not properly validating a user\u0027s identity prior to setting the current user and their authentication cookie. This makes it possible for unauthenticated attackers to gain access to a target user\u0027s (e.g. administrators) account."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:26:32.148Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d722ec8d-bfca-4da1-8eb0-8d33735c5e44?source=cve"
},
{
"url": "https://themeforest.net/item/food-bakery-restaurant-bakery-responsive-wordpress-theme/18970331"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-01-01T00:00:00.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-02-10T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "WP Foodbakery \u003c= 4.8 - Authentication Bypass in foodbakery_parse_request"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-0181",
"datePublished": "2025-02-11T06:54:34.607Z",
"dateReserved": "2025-01-02T20:46:55.396Z",
"dateUpdated": "2026-04-08T17:26:32.148Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-0316 (GCVE-0-2025-0316)
Vulnerability from cvelistv5 – Published: 2025-02-08 21:20 – Updated: 2026-04-08 16:48
VLAI
Title
WP Directorybox Manager <= 2.5 - Authentication Bypass
Summary
The WP Directorybox Manager plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.5. This is due to incorrect authentication in the 'wp_dp_enquiry_agent_contact_form_submit_callback' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the username.
Severity
9.8 (Critical)
CWE
- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Chimpstudio | WP Directorybox Manager |
Affected:
0 , ≤ 2.5
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0316",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-10T13:36:47.008823Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T20:51:41.842Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WP Directorybox Manager",
"vendor": "Chimpstudio",
"versions": [
{
"lessThanOrEqual": "2.5",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Istv\u00e1n M\u00e1rton"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WP Directorybox Manager plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.5. This is due to incorrect authentication in the \u0027wp_dp_enquiry_agent_contact_form_submit_callback\u0027 function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the username."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:48:05.213Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3ee1f412-7555-4dec-ba59-49412471a42f?source=cve"
},
{
"url": "https://themeforest.net/item/directory-multipurpose-wordpress-theme/10480929"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-01-07T00:00:00.000Z",
"value": "Discovered"
},
{
"lang": "en",
"time": "2025-01-07T00:00:00.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-02-08T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "WP Directorybox Manager \u003c= 2.5 - Authentication Bypass"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-0316",
"datePublished": "2025-02-08T21:20:58.901Z",
"dateReserved": "2025-01-07T18:43:54.464Z",
"dateUpdated": "2026-04-08T16:48:05.213Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-0364 (GCVE-0-2025-0364)
Vulnerability from cvelistv5 – Published: 2025-02-04 17:51 – Updated: 2026-05-14 02:07
VLAI
Title
BigAntSoft BigAnt Server Account Registration Bypass to File Upload RCE
Summary
BigAntSoft BigAnt Server, up to and including version 5.6.06, is vulnerable to unauthenticated remote code execution via account registration. An unauthenticated remote attacker can create an administrative user through the default exposed SaaS registration mechanism. Once an administrator, the attacker can upload and execute arbitrary PHP code using the "Cloud Storage Addin," leading to unauthenticated code execution.
Severity
9.8 (Critical)
CWE
- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| BigAntSoft | BigAnt Server |
Affected:
0 , ≤ 5.6.06
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0364",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-28T19:39:51.605821Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-28T19:40:12.939Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/vulncheck-oss/cve-2025-0364"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "BigAnt Server",
"vendor": "BigAntSoft",
"versions": [
{
"lessThanOrEqual": "5.6.06",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bigantsoft:bigant_server:*:*:*:*:*:*:*:*",
"versionEndIncluding": "5.6.06",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Cale Black"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cdiv\u003eBigAntSoft BigAnt Server, up to and including version 5.6.06, is vulnerable to unauthenticated remote code execution via account registration. An unauthenticated remote attacker can create an administrative user through the default exposed SaaS registration mechanism. Once an administrator, the attacker can upload and execute arbitrary PHP code using the \"Cloud Storage Addin,\" leading to unauthenticated code execution.\u003cbr\u003e\u003c/div\u003e\u003cbr\u003e\u003c/div\u003e\u003cbr\u003e"
}
],
"value": "BigAntSoft BigAnt Server, up to and including version 5.6.06, is vulnerable to unauthenticated remote code execution via account registration. An unauthenticated remote attacker can create an administrative user through the default exposed SaaS registration mechanism. Once an administrator, the attacker can upload and execute arbitrary PHP code using the \"Cloud Storage Addin,\" leading to unauthenticated code execution."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
},
{
"capecId": "CAPEC-650",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-650 Upload a Web Shell to a Web Server"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T02:07:17.176Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"url": "https://vulncheck.com/advisories/big-ant-upload-rce"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "BigAntSoft BigAnt Server Account Registration Bypass to File Upload RCE",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2025-0364",
"datePublished": "2025-02-04T17:51:18.472Z",
"dateReserved": "2025-01-09T16:09:37.470Z",
"dateUpdated": "2026-05-14T02:07:17.176Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-0549 (GCVE-0-2025-0549)
Vulnerability from cvelistv5 – Published: 2025-05-09 16:13 – Updated: 2025-05-09 19:58
VLAI
Title
Authentication Bypass Using an Alternate Path or Channel in GitLab
Summary
An issue has been discovered in GitLab CE/EE affecting all versions starting from 17.3 prior to 17.9.8, from 17.10 prior to 17.10.6, and from 17.11 prior to 17.11.2. A security vulnerability allows attackers to bypass Device OAuth flow protections, enabling authorization form submission through minimal user interaction.
Severity
6.8 (Medium)
CWE
- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://gitlab.com/gitlab-org/gitlab/-/issues/513996 | issue-trackingpermissions-required |
| https://hackerone.com/reports/2927555 | technical-descriptionexploitpermissions-required |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0549",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-09T19:55:41.860099Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-09T19:58:30.277Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "GitLab",
"repo": "git://git@gitlab.com:gitlab-org/gitlab.git",
"vendor": "GitLab",
"versions": [
{
"lessThan": "17.9.8",
"status": "affected",
"version": "17.3",
"versionType": "semver"
},
{
"lessThan": "17.10.6",
"status": "affected",
"version": "17.10",
"versionType": "semver"
},
{
"lessThan": "17.11.2",
"status": "affected",
"version": "17.11",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Thanks [sim4n6](https://hackerone.com/sim4n6) for reporting this vulnerability through our HackerOne bug bounty program"
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue has been discovered in GitLab CE/EE affecting all versions starting from 17.3 prior to 17.9.8, from 17.10 prior to 17.10.6, and from 17.11 prior to 17.11.2. A security vulnerability allows attackers to bypass Device OAuth flow protections, enabling authorization form submission through minimal user interaction."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288: Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-09T16:13:23.860Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"name": "GitLab Issue #513996",
"tags": [
"issue-tracking",
"permissions-required"
],
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/513996"
},
{
"name": "HackerOne Bug Bounty Report #2927555",
"tags": [
"technical-description",
"exploit",
"permissions-required"
],
"url": "https://hackerone.com/reports/2927555"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to versions 17.9.8, 17.10.6, 17.11.2 or above."
}
],
"title": "Authentication Bypass Using an Alternate Path or Channel in GitLab"
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2025-0549",
"datePublished": "2025-05-09T16:13:23.860Z",
"dateReserved": "2025-01-17T16:30:39.921Z",
"dateUpdated": "2025-05-09T19:58:30.277Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-0674 (GCVE-0-2025-0674)
Vulnerability from cvelistv5 – Published: 2025-02-06 23:42 – Updated: 2025-02-12 19:41
VLAI
Title
Elber Communications Equipment Authentication Bypass Using an Alternate Path or Channel
Summary
Multiple Elber products are affected by an authentication bypass
vulnerability which allows unauthorized access to the password
management functionality. Attackers can exploit this issue by
manipulating the endpoint to overwrite any user's password within the
system. This grants them unauthorized administrative access to protected
areas of the application, compromising the device's system security.
Severity
9.8 (Critical)
CWE
Assigner
References
1 reference
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| Elber | Signum DVB-S/S2 IRD |
Affected:
0 , ≤ 1.999
(custom)
|
|
| Elber | Cleber/3 Broadcast Multi-Purpose Platform |
Affected:
1.0
|
|
| Elber | Reble610 M/ODU XPIC IP-ASI-SDH |
Affected:
0.01
|
|
| Elber | ESE DVB-S/S2 Satellite Receiver |
Affected:
0 , ≤ 1.5.179
(custom)
|
|
| Elber | Wayber Analog/Digital Audio STL |
Affected:
4
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0674",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-07T15:16:22.044171Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T19:41:07.823Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Signum DVB-S/S2 IRD",
"vendor": "Elber",
"versions": [
{
"lessThanOrEqual": "1.999",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Cleber/3 Broadcast Multi-Purpose Platform",
"vendor": "Elber",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Reble610 M/ODU XPIC IP-ASI-SDH",
"vendor": "Elber",
"versions": [
{
"status": "affected",
"version": "0.01"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ESE DVB-S/S2 Satellite Receiver",
"vendor": "Elber",
"versions": [
{
"lessThanOrEqual": "1.5.179",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Wayber Analog/Digital Audio STL",
"vendor": "Elber",
"versions": [
{
"status": "affected",
"version": "4"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Gjoko Krstic of Zero Science Lab reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Multiple Elber products are affected by an authentication bypass \nvulnerability which allows unauthorized access to the password \nmanagement functionality. Attackers can exploit this issue by \nmanipulating the endpoint to overwrite any user\u0027s password within the \nsystem. This grants them unauthorized administrative access to protected\n areas of the application, compromising the device\u0027s system security."
}
],
"value": "Multiple Elber products are affected by an authentication bypass \nvulnerability which allows unauthorized access to the password \nmanagement functionality. Attackers can exploit this issue by \nmanipulating the endpoint to overwrite any user\u0027s password within the \nsystem. This grants them unauthorized administrative access to protected\n areas of the application, compromising the device\u0027s system security."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-06T23:42:33.517Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-035-03"
}
],
"source": {
"advisory": "ICSA-25-035-03",
"discovery": "EXTERNAL"
},
"title": "Elber Communications Equipment Authentication Bypass Using an Alternate Path or Channel",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Elber does not plan to mitigate these vulnerabilities because this \nequipment is either end of life or almost end of life. Users of affected\n versions of Elber Signum DVB-S/S2 IRD, Cleber/3 Broadcast Multi-Purpose\n Platform, Reble610 M/ODU XPIC IP-ASI-SDH, ESE DVB-S/S2 Satellite \nReceiver, and Wayber Analog/Digital Audio STL are invited to contact \nElber \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://elber.it/en/elber-contacts.php\"\u003ecustomer support\u003c/a\u003e for additional information.\n\n\u003cbr\u003e"
}
],
"value": "Elber does not plan to mitigate these vulnerabilities because this \nequipment is either end of life or almost end of life. Users of affected\n versions of Elber Signum DVB-S/S2 IRD, Cleber/3 Broadcast Multi-Purpose\n Platform, Reble610 M/ODU XPIC IP-ASI-SDH, ESE DVB-S/S2 Satellite \nReceiver, and Wayber Analog/Digital Audio STL are invited to contact \nElber customer support https://elber.it/en/elber-contacts.php for additional information."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-0674",
"datePublished": "2025-02-06T23:42:33.517Z",
"dateReserved": "2025-01-23T15:00:24.797Z",
"dateUpdated": "2025-02-12T19:41:07.823Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-0749 (GCVE-0-2025-0749)
Vulnerability from cvelistv5 – Published: 2025-03-07 01:44 – Updated: 2026-04-08 16:33
VLAI
Title
Homey <= 2.4.3 - Limited Authentication Bypass due to Missing Empty Value Check
Summary
The Homey theme for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.4.3. This is due to the 'verification_id' value being set to empty, and the not empty check is missing in the dashboard user profile page. This makes it possible for unauthenticated attackers to log in to the first verified user.
Severity
8.1 (High)
CWE
- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Fave Themes | Homey |
Affected:
0 , ≤ 2.4.3
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0749",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-07T16:31:42.572591Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-07T16:32:11.170Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Homey",
"vendor": "Fave Themes",
"versions": [
{
"lessThanOrEqual": "2.4.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Istv\u00e1n M\u00e1rton"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Homey theme for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.4.3. This is due to the \u0027verification_id\u0027 value being set to empty, and the not empty check is missing in the dashboard user profile page. This makes it possible for unauthenticated attackers to log in to the first verified user."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:33:33.767Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/05f87510-28c3-4ad1-b2be-2408a199cf68?source=cve"
},
{
"url": "https://favethemes.zendesk.com/hc/en-us/articles/4407721124884-Changelog"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-01-27T00:00:00.000Z",
"value": "Discovered"
},
{
"lang": "en",
"time": "2025-01-27T00:00:00.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-03-06T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "Homey \u003c= 2.4.3 - Limited Authentication Bypass due to Missing Empty Value Check"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-0749",
"datePublished": "2025-03-07T01:44:53.516Z",
"dateReserved": "2025-01-27T13:37:29.548Z",
"dateUpdated": "2026-04-08T16:33:33.767Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-10294 (GCVE-0-2025-10294)
Vulnerability from cvelistv5 – Published: 2025-10-15 08:26 – Updated: 2026-04-08 17:17
VLAI
Title
OwnID Passwordless Login <= 1.3.4 - Authentication Bypass
Summary
The OwnID Passwordless Login plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.3.4. This is due to the plugin not properly checking if the ownid_shared_secret value is empty prior to authenticating a user via JWT. This makes it possible for unauthenticated attackers to log in as other users, including administrators, on instances where the plugin has not been fully configured yet.
Severity
9.8 (Critical)
CWE
- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| victornavarro | OwnID Passwordless Login |
Affected:
0 , ≤ 1.3.4
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10294",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-15T13:23:41.054643Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-15T14:54:13.790Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OwnID Passwordless Login",
"vendor": "victornavarro",
"versions": [
{
"lessThanOrEqual": "1.3.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jonas Benjamin Friedli"
}
],
"descriptions": [
{
"lang": "en",
"value": "The OwnID Passwordless Login plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.3.4. This is due to the plugin not properly checking if the ownid_shared_secret value is empty prior to authenticating a user via JWT. This makes it possible for unauthenticated attackers to log in as other users, including administrators, on instances where the plugin has not been fully configured yet."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:17:52.279Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b8dd6008-e9b8-4a87-b1c7-0dc272850cbd?source=cve"
},
{
"url": "https://wordpress.org/plugins/ownid-passwordless-login/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-10-14T19:34:27.000Z",
"value": "Disclosed"
}
],
"title": "OwnID Passwordless Login \u003c= 1.3.4 - Authentication Bypass"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-10294",
"datePublished": "2025-10-15T08:26:01.063Z",
"dateReserved": "2025-09-11T19:57:38.707Z",
"dateUpdated": "2026-04-08T17:17:52.279Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-10484 (GCVE-0-2025-10484)
Vulnerability from cvelistv5 – Published: 2026-01-17 08:24 – Updated: 2026-04-08 16:58
VLAI
Title
Registration & Login with Mobile Phone Number for WooCommerce <= 1.3.1 - Authentication Bypass
Summary
The Registration & Login with Mobile Phone Number for WooCommerce plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.3.1. This is due to the plugin not properly verifying a users identity prior to authenticating them via the fma_lwp_set_session_php_fun() function. This makes it possible for unauthenticated attackers to authenticate as any user on the site, including administrators, without a valid password.
Severity
9.8 (Critical)
CWE
- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| FmeAddons | Registration & Login with Mobile Phone Number for WooCommerce |
Affected:
0 , ≤ 1.3.1
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10484",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-20T19:17:47.172522Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-20T19:23:24.113Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Registration \u0026 Login with Mobile Phone Number for WooCommerce",
"vendor": "FmeAddons",
"versions": [
{
"lessThanOrEqual": "1.3.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Vahan Petrosyan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Registration \u0026 Login with Mobile Phone Number for WooCommerce plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.3.1. This is due to the plugin not properly verifying a users identity prior to authenticating them via the fma_lwp_set_session_php_fun() function. This makes it possible for unauthenticated attackers to authenticate as any user on the site, including administrators, without a valid password."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:58:55.363Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6aef6fbb-be8c-49e1-ada5-7b4aa8b2ff72?source=cve"
},
{
"url": "https://woocommerce.com/products/registration-login-with-mobile-phone-number/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-01-16T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "Registration \u0026 Login with Mobile Phone Number for WooCommerce \u003c= 1.3.1 - Authentication Bypass"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-10484",
"datePublished": "2026-01-17T08:24:30.759Z",
"dateReserved": "2025-09-15T14:03:41.704Z",
"dateUpdated": "2026-04-08T16:58:55.363Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-10538 (GCVE-0-2025-10538)
Vulnerability from cvelistv5 – Published: 2025-10-01 04:02 – Updated: 2025-10-01 14:59 Unsupported When Assigned
VLAI
Title
Authentication Bypass in LG Innotek Camera
Summary
An authentication bypass vulnerability exists in LG Innotek camera models LND7210 and LNV7210R. The vulnerability allows a malicious actor to gain access to camera information including user account information.
Severity
CWE
- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| LG Innotek | Camera Model LND7210 |
Affected:
0 , ≤ 2061.0.0.1608317
(custom)
|
|
| LG Innotek | Camera Model LNV7210R |
Affected:
0 , ≤ 2237.0.0.1505220
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10538",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T14:59:35.797475Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T14:59:48.942Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Camera Model LND7210",
"vendor": "LG Innotek",
"versions": [
{
"lessThanOrEqual": "2061.0.0.1608317",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Camera Model LNV7210R",
"vendor": "LG Innotek",
"versions": [
{
"lessThanOrEqual": "2237.0.0.1505220",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An authentication bypass vulnerability exists in LG Innotek camera models LND7210 and LNV7210R. The vulnerability allows a malicious actor to gain access to camera information including user account information."
}
],
"value": "An authentication bypass vulnerability exists in LG Innotek camera models LND7210 and LNV7210R. The vulnerability allows a malicious actor to gain access to camera information including user account information."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288: Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T04:02:35.188Z",
"orgId": "42f21055-226c-4bce-a3c8-ecf55a3551fb",
"shortName": "LGE"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-273-07"
}
],
"source": {
"discovery": "UNKNOWN"
},
"tags": [
"unsupported-when-assigned"
],
"title": "Authentication Bypass in LG Innotek Camera",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "42f21055-226c-4bce-a3c8-ecf55a3551fb",
"assignerShortName": "LGE",
"cveId": "CVE-2025-10538",
"datePublished": "2025-10-01T04:02:35.188Z",
"dateReserved": "2025-09-16T07:27:02.349Z",
"dateUpdated": "2025-10-01T14:59:48.942Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-10571 (GCVE-0-2025-10571)
Vulnerability from cvelistv5 – Published: 2025-11-20 18:06 – Updated: 2025-11-21 16:05
VLAI
Title
ABB Ability Edgenius Authentication Bypass
Summary
Authentication Bypass Using an Alternate Path or Channel vulnerability in ABB ABB Ability Edgenius.This issue affects ABB Ability Edgenius: 3.2.0.0, 3.2.1.1.
Severity
9.6 (Critical)
CWE
- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://search.abb.com/library/Download.aspx?Docu… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ABB | ABB Ability Edgenius |
Affected:
3.2.0.0
Affected: 3.2.1.1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10571",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-21T16:05:15.558943Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-21T16:05:22.625Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ABB Ability Edgenius",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "3.2.0.0"
},
{
"status": "affected",
"version": "3.2.1.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Authentication Bypass Using an Alternate Path or Channel vulnerability in ABB ABB Ability Edgenius.\u003cp\u003eThis issue affects ABB Ability Edgenius: 3.2.0.0, 3.2.1.1.\u003c/p\u003e"
}
],
"value": "Authentication Bypass Using an Alternate Path or Channel vulnerability in ABB ABB Ability Edgenius.This issue affects ABB Ability Edgenius: 3.2.0.0, 3.2.1.1."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-20T18:06:00.586Z",
"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"shortName": "ABB"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=7PAA022088\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "ABB has prepared an update to fix this vulnerability included in the latest Roll-Up, ABB Ability Edgenius \nversion 3.2.2.0. \nABB advises customers to upgrade as soon as possible. Until the upgrade is applied, ABB advises customers to disable the Edgenius Management Portal to mitigate the vulnerability.\n\n\u003cbr\u003e"
}
],
"value": "ABB has prepared an update to fix this vulnerability included in the latest Roll-Up, ABB Ability Edgenius \nversion 3.2.2.0. \nABB advises customers to upgrade as soon as possible. Until the upgrade is applied, ABB advises customers to disable the Edgenius Management Portal to mitigate the vulnerability."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "ABB Ability Edgenius Authentication Bypass",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Workarounds are specific measures that a user can take to help block an attack, for example, temporarily disabling the vulnerable feature may remove the exposure with well-known impact on functionality. ABB has tested the following workaround.\n\n \n\n\u003cbr\u003e"
}
],
"value": "Workarounds are specific measures that a user can take to help block an attack, for example, temporarily disabling the vulnerable feature may remove the exposure with well-known impact on functionality. ABB has tested the following workaround."
}
],
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"assignerShortName": "ABB",
"cveId": "CVE-2025-10571",
"datePublished": "2025-11-20T18:06:00.586Z",
"dateReserved": "2025-09-16T16:33:45.185Z",
"dateUpdated": "2025-11-21T16:05:22.625Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation
Phase: Architecture and Design
Description:
- Funnel all access through a single choke point to simplify how users can access a resource. For every access, perform a check to determine if the user has permissions to access the resource.
CAPEC-127: Directory Indexing
An adversary crafts a request to a target that results in the target listing/indexing the content of a directory as output. One common method of triggering directory contents as output is to construct a request containing a path that terminates in a directory name rather than a file name since many applications are configured to provide a list of the directory's contents when such a request is received. An adversary can use this to explore the directory tree on a target as well as learn the names of files. This can often end up revealing test files, backup files, temporary files, hidden files, configuration files, user accounts, script contents, as well as naming conventions, all of which can be used by an attacker to mount additional attacks.
CAPEC-665: Exploitation of Thunderbolt Protection Flaws
An adversary leverages a firmware weakness within the Thunderbolt protocol, on a computing device to manipulate Thunderbolt controller firmware in order to exploit vulnerabilities in the implementation of authorization and verification schemes within Thunderbolt protection mechanisms. Upon gaining physical access to a target device, the adversary conducts high-level firmware manipulation of the victim Thunderbolt controller SPI (Serial Peripheral Interface) flash, through the use of a SPI Programing device and an external Thunderbolt device, typically as the target device is booting up. If successful, this allows the adversary to modify memory, subvert authentication mechanisms, spoof identities and content, and extract data and memory from the target device. Currently 7 major vulnerabilities exist within Thunderbolt protocol with 9 attack vectors as noted in the Execution Flow.