CWE-305
Authentication Bypass by Primary Weakness
The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.
CVE-2024-9683 (GCVE-0-2024-9683)
Vulnerability from cvelistv5 – Published: 2024-10-17 14:08 – Updated: 2025-11-07 00:44
VLAI
Title
Quay: quay allows successful authentication with trucated version of the password
Summary
A vulnerability was found in Quay, which allows successful authentication even when a truncated password version is provided. This flaw affects the authentication mechanism, reducing the overall security of password enforcement. While the risk is relatively low due to the typical length of the passwords used (73 characters), this vulnerability can still be exploited to reduce the complexity of brute-force or password-guessing attacks. The truncation of passwords weakens the overall authentication process, thereby reducing the effectiveness of password policies and potentially increasing the risk of unauthorized access in the future.
Severity
4.8 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-305 - Authentication Bypass by Primary Weakness
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://access.redhat.com/security/cve/CVE-2024-9683 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2317559 | issue-trackingx_refsource_REDHAT |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
|
Affected:
3.8.14
(semver)
|
|||
| Red Hat | Red Hat Quay 3 |
cpe:/a:redhat:quay:3 |
Date Public
2024-10-09 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9683",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-17T14:35:37.574201Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-17T14:36:13.694Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com/quay/quay",
"defaultStatus": "unknown",
"packageName": "quay",
"versions": [
{
"status": "affected",
"version": "3.8.14",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:quay:3"
],
"defaultStatus": "affected",
"packageName": "quay",
"product": "Red Hat Quay 3",
"vendor": "Red Hat"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Alexander Pryor for reporting this issue."
}
],
"datePublic": "2024-10-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Quay, which allows successful authentication even when a truncated password version is provided. This flaw affects the authentication mechanism, reducing the overall security of password enforcement.\u00a0 While the risk is relatively low due to the typical length of the passwords used (73 characters), this vulnerability can still be exploited to reduce the complexity of brute-force or password-guessing attacks. The truncation of passwords weakens the overall authentication process, thereby reducing the effectiveness of password policies and potentially increasing the risk of unauthorized access in the future."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Low"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-305",
"description": "Authentication Bypass by Primary Weakness",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-07T00:44:44.742Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-9683"
},
{
"name": "RHBZ#2317559",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2317559"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-10-09T12:28:16.419Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2024-10-09T00:00:00.000Z",
"value": "Made public."
}
],
"title": "Quay: quay allows successful authentication with trucated version of the password",
"x_redhatCweChain": "CWE-305: Authentication Bypass by Primary Weakness"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2024-9683",
"datePublished": "2024-10-17T14:08:57.482Z",
"dateReserved": "2024-10-09T12:30:10.219Z",
"dateUpdated": "2025-11-07T00:44:44.742Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13915 (GCVE-0-2025-13915)
Vulnerability from cvelistv5 – Published: 2025-12-26 13:16 – Updated: 2026-02-26 16:07
VLAI
Title
Authentication bypass in IBM API Connect
Summary
IBM API Connect 10.0.8.0 through 10.0.8.5, and 10.0.11.0 could allow a remote attacker to bypass authentication mechanisms and gain unauthorized access to the application.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-305 - Authentication Bypass by Primary Weakness
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7255149 | vendor-advisorypatch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | API Connect |
Affected:
10.0.8.0 , ≤ 10.0.8.5
(semver)
Affected: 10.0.11.0 cpe:2.3:a:ibm:api_connect:10.0.8.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:api_connect:10.0.8.5:*:*:*:*:*:*:* cpe:2.3:a:ibm:api_connect:10.0.11.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13915",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-06T04:55:16.720651Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T16:07:23.817Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:api_connect:10.0.8.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:api_connect:10.0.8.5:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:api_connect:10.0.11.0:*:*:*:*:*:*:*"
],
"product": "API Connect",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "10.0.8.5",
"status": "affected",
"version": "10.0.8.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "10.0.11.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM API Connect 10.0.8.0 through 10.0.8.5, and 10.0.11.0 could allow a remote attacker to bypass authentication mechanisms and gain unauthorized access to the application.\u003c/p\u003e"
}
],
"value": "IBM API Connect 10.0.8.0 through 10.0.8.5, and 10.0.11.0 could allow a remote attacker to bypass authentication mechanisms and gain unauthorized access to the application."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-305",
"description": "CWE-305 Authentication Bypass by Primary Weakness",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-26T13:16:24.669Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7255149"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM strongly recommends addressing the vulnerability now by upgrading.\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003cth\u003eProduct(s)\u003c/th\u003e\u003cth\u003eAffected Version Range\u003c/th\u003e\u003cth\u003eRemediated Version\u003c/th\u003e\u003cth\u003eInstructions / Download\u003c/th\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM API Connect V10.0.8\u003c/td\u003e\u003ctd\u003e10.0.8.0 \u2013 10.0.8.5\u003c/td\u003e\u003ctd\u003eiFix\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003eInstructions:\u003c/div\u003e\u003cdiv\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/node/7255318\"\u003ehttps://www.ibm.com/support/pages/node/7255318\u003c/a\u003e\u003c/div\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003e10.0.8.1: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://ibm.biz/BdbtC6\"\u003ehttps://ibm.biz/BdbtC6\u003c/a\u003e\u003c/div\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003e10.0.8.2-ifix1: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://ibm.biz/BdbtCN\"\u003ehttps://ibm.biz/BdbtCN\u003c/a\u003e\u003c/div\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003e10.0.8.2-ifix2: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://ibm.biz/BdbtC7\"\u003ehttps://ibm.biz/BdbtC7\u003c/a\u003e\u003c/div\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003e10.0.8.3: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://ibm.biz/BdbtCW\"\u003ehttps://ibm.biz/BdbtCW\u003c/a\u003e\u003c/div\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003e10.0.8.4: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://ibm.biz/BdbtQc\"\u003ehttps://ibm.biz/BdbtQc\u003c/a\u003e\u003c/div\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003e10.0.8.5: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://ibm.biz/BdbtQB\"\u003ehttps://ibm.biz/BdbtQB\u003c/a\u003e\u003c/div\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM API Connect V10.0\u003c/td\u003e\u003ctd\u003e10.0.11\u003c/td\u003e\u003ctd\u003eiFix\u003c/td\u003e\u003ctd\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://ibm.biz/BdbtCw\"\u003ehttps://ibm.biz/BdbtCw\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "IBM strongly recommends addressing the vulnerability now by upgrading.\n\nProduct(s)Affected Version RangeRemediated VersionInstructions / DownloadIBM API Connect V10.0.810.0.8.0 \u2013 10.0.8.5iFix\u00a0\n\nInstructions:\n\n https://www.ibm.com/support/pages/node/7255318 \n\n\u00a0\n\n10.0.8.1: https://ibm.biz/BdbtC6 \n\n\u00a0\n\n10.0.8.2-ifix1: https://ibm.biz/BdbtCN \n\n\u00a0\n\n10.0.8.2-ifix2: https://ibm.biz/BdbtC7 \n\n\u00a0\n\n10.0.8.3: https://ibm.biz/BdbtCW \n\n\u00a0\n\n10.0.8.4: https://ibm.biz/BdbtQc \n\n\u00a0\n\n10.0.8.5: https://ibm.biz/BdbtQB \n\n\u00a0\n\n\n\n\n\n\n\n\n\n\n\nIBM API Connect V10.010.0.11iFix https://ibm.biz/BdbtCw"
}
],
"title": "Authentication bypass in IBM API Connect",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eWorkarounds and Mitigations Customers unable to install the interim fix should disable self-service sign-up on their Developer Portal if enabled, which will help minimise their exposure to this vulnerability.\u003c/p\u003e"
}
],
"value": "Workarounds and Mitigations Customers unable to install the interim fix should disable self-service sign-up on their Developer Portal if enabled, which will help minimise their exposure to this vulnerability."
}
],
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-13915",
"datePublished": "2025-12-26T13:16:24.669Z",
"dateReserved": "2025-12-02T18:13:58.988Z",
"dateUpdated": "2026-02-26T16:07:23.817Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-1880 (GCVE-0-2025-1880)
Vulnerability from cvelistv5 – Published: 2025-03-03 20:00 – Updated: 2025-03-03 20:33
VLAI
Title
i-Drive i11/i12 Device Pairing authentication bypass
Summary
A vulnerability was found in i-Drive i11 and i12 up to 20250227. It has been classified as problematic. Affected is an unknown function of the component Device Pairing. The manipulation leads to authentication bypass by primary weakness. It is possible to launch the attack on the physical device. The complexity of an attack is rather high. The exploitability is told to be difficult. It was not possible to identify the current maintainer of the product. It must be assumed that the product is end-of-life.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.298194 | vdb-entry |
| https://vuldb.com/?ctiid.298194 | signaturepermissions-required |
| https://vuldb.com/?submit.510951 | third-party-advisory |
| https://github.com/geo-chen/i-Drive | related |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1880",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-03T20:33:13.149399Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-03T20:33:21.507Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Device Pairing"
],
"product": "i11",
"vendor": "i-Drive",
"versions": [
{
"status": "affected",
"version": "20250227"
}
]
},
{
"modules": [
"Device Pairing"
],
"product": "i12",
"vendor": "i-Drive",
"versions": [
{
"status": "affected",
"version": "20250227"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "geochen (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in i-Drive i11 and i12 up to 20250227. It has been classified as problematic. Affected is an unknown function of the component Device Pairing. The manipulation leads to authentication bypass by primary weakness. It is possible to launch the attack on the physical device. The complexity of an attack is rather high. The exploitability is told to be difficult. It was not possible to identify the current maintainer of the product. It must be assumed that the product is end-of-life."
},
{
"lang": "de",
"value": "Es wurde eine problematische Schwachstelle in i-Drive i11 and i12 bis 20250227 ausgemacht. Betroffen hiervon ist ein unbekannter Ablauf der Komponente Device Pairing. Mittels Manipulieren mit unbekannten Daten kann eine authentication bypass by primary weakness-Schwachstelle ausgenutzt werden. Ein Angriff setzt physischen Zugriff auf dem Zielobjekt voraus. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie gilt als schwierig auszunutzen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 1,
"baseSeverity": "LOW",
"vectorString": "CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 2,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 2,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 1.2,
"vectorString": "AV:L/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-305",
"description": "Authentication Bypass by Primary Weakness",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-03T20:00:07.722Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-298194 | i-Drive i11/i12 Device Pairing authentication bypass",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.298194"
},
{
"name": "VDB-298194 | CTI Indicators (IOB, IOC)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.298194"
},
{
"name": "Submit #510951 | i-DRIVE Dashcam i11, i12 Authentication Bypass by Primary Weakness",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.510951"
},
{
"tags": [
"related"
],
"url": "https://github.com/geo-chen/i-Drive"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-03-03T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-03-03T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-03-03T13:30:42.000Z",
"value": "VulDB entry last update"
}
],
"title": "i-Drive i11/i12 Device Pairing authentication bypass"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-1880",
"datePublished": "2025-03-03T20:00:07.722Z",
"dateReserved": "2025-03-03T12:25:18.321Z",
"dateUpdated": "2025-03-03T20:33:21.507Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-23017 (GCVE-0-2025-23017)
Vulnerability from cvelistv5 – Published: 2025-02-24 00:00 – Updated: 2025-02-24 16:01 Exclusively Hosted Service
VLAI
Summary
WorkOS Hosted AuthKit before 2025-01-07 allows a password authentication MFA bypass (by enrolling a new authentication factor) when the attacker knows the user's password. No exploitation occurred.
Severity
6 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-305 - Authentication Bypass by Primary Weakness
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| WorkOS | Hosted AuthKit |
Affected:
0 , < 2025-01-07
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-23017",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-24T16:01:14.574929Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-24T16:01:35.824Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Hosted AuthKit",
"vendor": "WorkOS",
"versions": [
{
"lessThan": "2025-01-07",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "WorkOS Hosted AuthKit before 2025-01-07 allows a password authentication MFA bypass (by enrolling a new authentication factor) when the attacker knows the user\u0027s password. No exploitation occurred."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-305",
"description": "CWE-305 Authentication Bypass by Primary Weakness",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-24T15:21:20.843Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://workos.com/security/advisories"
},
{
"url": "https://www.authkit.com"
}
],
"tags": [
"exclusively-hosted-service"
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-23017",
"datePublished": "2025-02-24T00:00:00.000Z",
"dateReserved": "2025-01-10T00:00:00.000Z",
"dateUpdated": "2025-02-24T16:01:35.824Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-24522 (GCVE-0-2025-24522)
Vulnerability from cvelistv5 – Published: 2025-05-01 18:37 – Updated: 2025-05-01 19:00
VLAI
Title
KUNBUS Revolution Pi Authentication Bypass by Primary Weakness
Summary
KUNBUS Revolution Pi OS Bookworm 01/2025 is vulnerable because authentication is not configured by default for the Node-RED server. This can give an unauthenticated remote attacker full access to the Node-RED server where they can run arbitrary commands on the underlying operating system.
Severity
10 (Critical)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| KUNBUS GmbH | Revolution Pi OS Bookworm |
Affected:
0 , ≤ 01/2025
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-24522",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-01T18:45:05.733631Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-01T18:45:19.523Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Revolution Pi OS Bookworm",
"vendor": "KUNBUS GmbH",
"versions": [
{
"lessThanOrEqual": "01/2025",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Adam Bromiley of Pen Test Partners reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eKUNBUS Revolution Pi OS Bookworm 01/2025 is vulnerable because authentication is not configured by default for the Node-RED server. This can give an unauthenticated remote attacker full access to the Node-RED server where they can run arbitrary commands on the underlying operating system.\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e"
}
],
"value": "KUNBUS Revolution Pi OS Bookworm 01/2025 is vulnerable because authentication is not configured by default for the Node-RED server. This can give an unauthenticated remote attacker full access to the Node-RED server where they can run arbitrary commands on the underlying operating system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-305",
"description": "CWE-305",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-01T19:00:44.088Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-121-01"
},
{
"url": "http://packages.revolutionpi.de/pool/main/p/pictory/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eKUNBUS has identified the following specific mitigations that users can apply to reduce risk:\u003c/p\u003e\u003cul\u003e\u003cli\u003eUpdate PiCtory package to version 2.12\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eThe preferred method for updating to version 2.12 is accomplished through KUNBUS\u0027s management UI Cockpit. However, users can also download the update package \u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://packages.revolutionpi.de/pool/main/p/pictory/\"\u003ehere\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eBy end of April 2025, KUNBUS plans to release a new Cockpit plugin that helps the user to make configurations which are available in a graphical interface. In the meantime, it is recommended that users activate authentication. Please refer to this \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.kunbus.com/files/media/misc/kunbus-2025-0000002-remediation.pdf\"\u003eguide\u003c/a\u003e\u0026nbsp;for help with activating authentication.\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "KUNBUS has identified the following specific mitigations that users can apply to reduce risk:\n\n * Update PiCtory package to version 2.12\n\n\nThe preferred method for updating to version 2.12 is accomplished through KUNBUS\u0027s management UI Cockpit. However, users can also download the update package here http://packages.revolutionpi.de/pool/main/p/pictory/ .\n\nBy end of April 2025, KUNBUS plans to release a new Cockpit plugin that helps the user to make configurations which are available in a graphical interface. In the meantime, it is recommended that users activate authentication. Please refer to this guide https://www.kunbus.com/files/media/misc/kunbus-2025-0000002-remediation.pdf \u00a0for help with activating authentication."
}
],
"source": {
"advisory": "ICSA-25-121-01",
"discovery": "EXTERNAL"
},
"title": "KUNBUS Revolution Pi Authentication Bypass by Primary Weakness",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-24522",
"datePublished": "2025-05-01T18:37:37.244Z",
"dateReserved": "2025-04-17T20:46:42.230Z",
"dateUpdated": "2025-05-01T19:00:44.088Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-27370 (GCVE-0-2025-27370)
Vulnerability from cvelistv5 – Published: 2025-03-03 00:00 – Updated: 2025-04-25 14:43
VLAI
Summary
OpenID Connect Core through 1.0 errata set 2 allows audience injection in certain situations. When the private_key_jwt authentication mechanism is used, a malicious Authorization Server could trick a Client into writing attacker-controlled values into the audience, including token endpoints or issuer identifiers of other Authorization Servers. The malicious Authorization Server could then use these private key JWTs to impersonate the Client.
Severity
6.9 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-305 - Authentication Bypass by Primary Weakness
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| OpenID | OpenID Connect |
Affected:
0 , ≤ 1.0 errata set 2
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27370",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-04T16:59:06.842747Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-04T16:59:34.625Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "OpenID Connect",
"vendor": "OpenID",
"versions": [
{
"lessThanOrEqual": "1.0 errata set 2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openid:openid_connect:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.0 errata set 2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenID Connect Core through 1.0 errata set 2 allows audience injection in certain situations. When the private_key_jwt authentication mechanism is used, a malicious Authorization Server could trick a Client into writing attacker-controlled values into the audience, including token endpoints or issuer identifiers of other Authorization Servers. The malicious Authorization Server could then use these private key JWTs to impersonate the Client."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-305",
"description": "CWE-305 Authentication Bypass by Primary Weakness",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-25T14:43:40.581Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://openid.net/wp-content/uploads/2025/01/OIDF-Responsible-Disclosure-Notice-on-Security-Vulnerability-for-private_key_jwt.pdf"
},
{
"url": "https://openid.net/notice-of-a-security-vulnerability/"
},
{
"url": "https://talks.secworkshop.events/osw2025/talk/R8D9BS/"
},
{
"url": "https://github.com/OWASP/ASVS/issues/2678"
},
{
"url": "https://eprint.iacr.org/2025/629"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-27370",
"datePublished": "2025-03-03T00:00:00.000Z",
"dateReserved": "2025-02-23T00:00:00.000Z",
"dateUpdated": "2025-04-25T14:43:40.581Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-27371 (GCVE-0-2025-27371)
Vulnerability from cvelistv5 – Published: 2025-03-03 00:00 – Updated: 2025-04-25 14:42
VLAI
Summary
In certain IETF OAuth 2.0-related specifications, when the JSON Web Token Profile for OAuth 2.0 Client Authentication mechanism is used, there are ambiguities in the audience values of JWTs sent to authorization servers. The affected RFCs may include RFC 7523, and also RFC 7521, RFC 7522, RFC 9101 (JAR), and RFC 9126 (PAR).
Severity
6.9 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-305 - Authentication Bypass by Primary Weakness
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27371",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-04T16:49:31.778471Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-04T16:49:57.268Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "RFC 7523",
"vendor": "IETF",
"versions": [
{
"status": "affected",
"version": "7523",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In certain IETF OAuth 2.0-related specifications, when the JSON Web Token Profile for OAuth 2.0 Client Authentication mechanism is used, there are ambiguities in the audience values of JWTs sent to authorization servers. The affected RFCs may include RFC 7523, and also RFC 7521, RFC 7522, RFC 9101 (JAR), and RFC 9126 (PAR)."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-305",
"description": "CWE-305 Authentication Bypass by Primary Weakness",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-25T14:42:06.366Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://openid.net/wp-content/uploads/2025/01/OIDF-Responsible-Disclosure-Notice-on-Security-Vulnerability-for-private_key_jwt.pdf"
},
{
"url": "https://openid.net/notice-of-a-security-vulnerability/"
},
{
"url": "https://talks.secworkshop.events/osw2025/talk/R8D9BS/"
},
{
"url": "https://github.com/OWASP/ASVS/issues/2678"
},
{
"url": "https://eprint.iacr.org/2025/629"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-27371",
"datePublished": "2025-03-03T00:00:00.000Z",
"dateReserved": "2025-02-23T00:00:00.000Z",
"dateUpdated": "2025-04-25T14:42:06.366Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-31161 (GCVE-0-2025-31161)
Vulnerability from cvelistv5 – Published: 2025-04-03 00:00 – Updated: 2025-10-21 22:55
VLAI
Summary
CrushFTP 10 before 10.8.4 and 11 before 11.3.1 allows authentication bypass and takeover of the crushadmin account (unless a DMZ proxy instance is used), as exploited in the wild in March and April 2025, aka "Unauthenticated HTTP(S) port access." A race condition exists in the AWS4-HMAC (compatible with S3) authorization method of the HTTP component of the FTP server. The server first verifies the existence of the user by performing a call to login_user_pass() with no password requirement. This will authenticate the session through the HMAC verification process and up until the server checks for user verification once more. The vulnerability can be further stabilized, eliminating the need for successfully triggering a race condition, by sending a mangled AWS4-HMAC header. By providing only the username and a following slash (/), the server will successfully find a username, which triggers the successful anypass authentication process, but the server will fail to find the expected SignedHeaders entry, resulting in an index-out-of-bounds error that stops the code from reaching the session cleanup. Together, these issues make it trivial to authenticate as any known or guessable user (e.g., crushadmin), and can lead to a full compromise of the system by obtaining an administrative account.
Severity
9.8 (Critical)
SSVC
Exploitation: active
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-305 - Authentication Bypass by Primary Weakness
Assigner
References
10 references
Impacted products
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-04-21T15:11:23.679Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://projectdiscovery.io/blog/crushftp-authentication-bypass"
},
{
"url": "https://www.darkreading.com/vulnerabilities-threats/disclosure-drama-clouds-crushftp-vulnerability-exploitation"
},
{
"url": "https://www.huntress.com/blog/crushftp-cve-2025-31161-auth-bypass-and-post-exploitation"
},
{
"url": "https://attackerkb.com/topics/k0EgiL9Psz/cve-2025-2825/rapid7-analysis"
},
{
"url": "https://www.infosecurity-magazine.com/news/crushftp-flaw-exploited-disclosure/"
},
{
"url": "https://www.vicarius.io/vsociety/posts/cve-2025-31161-detect-crushftp-vulnerability"
},
{
"url": "https://www.vicarius.io/vsociety/posts/cve-2025-31161-mitigate-crushftp-vulnerability"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-31161",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-15T19:11:52.009095Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-04-07",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-31161"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T22:55:22.326Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-31161"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-04-07T00:00:00.000Z",
"value": "CVE-2025-31161 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CrushFTP",
"vendor": "CrushFTP",
"versions": [
{
"lessThan": "10.8.4",
"status": "affected",
"version": "10",
"versionType": "custom"
},
{
"lessThan": "11.3.1",
"status": "affected",
"version": "11",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:crushftp:crushftp:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.8.4",
"versionStartIncluding": "10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:crushftp:crushftp:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.3.1",
"versionStartIncluding": "11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Kristian Varnai, Outpost24"
},
{
"lang": "en",
"type": "finder",
"value": "Marcus White, Outpost24"
}
],
"descriptions": [
{
"lang": "en",
"value": "CrushFTP 10 before 10.8.4 and 11 before 11.3.1 allows authentication bypass and takeover of the crushadmin account (unless a DMZ proxy instance is used), as exploited in the wild in March and April 2025, aka \"Unauthenticated HTTP(S) port access.\" A race condition exists in the AWS4-HMAC (compatible with S3) authorization method of the HTTP component of the FTP server. The server first verifies the existence of the user by performing a call to login_user_pass() with no password requirement. This will authenticate the session through the HMAC verification process and up until the server checks for user verification once more. The vulnerability can be further stabilized, eliminating the need for successfully triggering a race condition, by sending a mangled AWS4-HMAC header. By providing only the username and a following slash (/), the server will successfully find a username, which triggers the successful anypass authentication process, but the server will fail to find the expected SignedHeaders entry, resulting in an index-out-of-bounds error that stops the code from reaching the session cleanup. Together, these issues make it trivial to authenticate as any known or guessable user (e.g., crushadmin), and can lead to a full compromise of the system by obtaining an administrative account."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-305",
"description": "CWE-305 Authentication Bypass by Primary Weakness",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-04T21:20:48.434Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://outpost24.com/blog/crushftp-auth-bypass-vulnerability/"
},
{
"url": "https://crushftp.com/crush11wiki/Wiki.jsp?page=Update#section-Update-VulnerabilityInfo"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-31161",
"datePublished": "2025-04-03T00:00:00.000Z",
"dateReserved": "2025-03-27T00:00:00.000Z",
"dateUpdated": "2025-10-21T22:55:22.326Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-31703 (GCVE-0-2025-31703)
Vulnerability from cvelistv5 – Published: 2026-03-18 07:13 – Updated: 2026-03-18 14:09
VLAI
Summary
A vulnerability found in Dahua NVR/XVR device. A third-party malicious attacker with physical access to the device may gain access to a restricted shell via the serial port, and bypasses the shell's authentication mechanism to escalate privileges.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-305 - Authentication bypass by primary weakness
Assigner
References
1 reference
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| dahua | NVR2-4KS3 |
Affected:
Versions which Build time prior to 3rd March 2026
|
|
| dahua | XVR4232AN-I/T |
Affected:
Versions which Build time prior to 3rd March 2026
|
|
| dahua | XVR1B16H-I/T |
Affected:
Versions which Build time prior to 3rd March 2026
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-31703",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-18T14:09:19.621439Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-18T14:09:28.123Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "NVR2-4KS3",
"vendor": "dahua",
"versions": [
{
"status": "affected",
"version": "Versions which Build time prior to 3rd March 2026"
}
]
},
{
"defaultStatus": "unaffected",
"product": "XVR4232AN-I/T",
"vendor": "dahua",
"versions": [
{
"status": "affected",
"version": "Versions which Build time prior to 3rd March 2026"
}
]
},
{
"defaultStatus": "unaffected",
"product": "XVR1B16H-I/T",
"vendor": "dahua",
"versions": [
{
"status": "affected",
"version": "Versions which Build time prior to 3rd March 2026"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability found in Dahua NVR/XVR device. A third-party malicious attacker with physical access to the device may gain access to a restricted shell via the serial port, and bypasses the shell\u0027s authentication mechanism to escalate privileges."
}
],
"value": "A vulnerability found in Dahua NVR/XVR device. A third-party malicious attacker with physical access to the device may gain access to a restricted shell via the serial port, and bypasses the shell\u0027s authentication mechanism to escalate privileges."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "PHYSICAL",
"baseScore": 2.4,
"baseSeverity": "LOW",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-305",
"description": "CWE-305 Authentication bypass by primary weakness",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-18T07:13:21.911Z",
"orgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
"shortName": "dahua"
},
"references": [
{
"url": "https://www.dahuasecurity.com/about-dahua/trust-center/dahua-psirt/security-advisory-%E2%80%93-vulnerability-found-in-dahua-nvr-xvr-device"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
"assignerShortName": "dahua",
"cveId": "CVE-2025-31703",
"datePublished": "2026-03-18T07:13:21.911Z",
"dateReserved": "2025-04-01T05:57:11.783Z",
"dateUpdated": "2026-03-18T14:09:28.123Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-31965 (GCVE-0-2025-31965)
Vulnerability from cvelistv5 – Published: 2025-07-29 16:53 – Updated: 2025-07-29 18:32
VLAI
Title
HCL BigFix Remote Control is affected by an authorization bypass vulnerability
Summary
Improper access restrictions in HCL BigFix Remote Control Server WebUI (versions 10.1.0.0248 and lower) allow non-admin users to view unauthorized information on certain web pages.
Severity
8.2 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-305 - Authentication Bypass by Primary Weakness
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://support.hcl-software.com/csm?id=kb_articl… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| HCL Software | BigFix Remote Control |
Affected:
<=10.1.0.0248
|
Date Public
2025-07-29 16:49
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-31965",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-29T18:31:42.734276Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-29T18:32:30.900Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "BigFix Remote Control",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "\u003c=10.1.0.0248"
}
]
}
],
"datePublic": "2025-07-29T16:49:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper access restrictions in HCL BigFix Remote Control Server WebUI (versions 10.1.0.0248 and lower) allow non-admin users to view unauthorized information on certain web pages.\u003cbr\u003e"
}
],
"value": "Improper access restrictions in HCL BigFix Remote Control Server WebUI (versions 10.1.0.0248 and lower) allow non-admin users to view unauthorized information on certain web pages."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-305",
"description": "CWE-305 Authentication Bypass by Primary Weakness",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-29T16:53:03.338Z",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"name": "VDB-299060 | PyTorch Quantized Sigmoid Module nnq_Sigmoid initialization",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0122906"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HCL BigFix Remote Control is affected by an authorization bypass vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2025-31965",
"datePublished": "2025-07-29T16:53:03.338Z",
"dateReserved": "2025-04-01T18:46:23.152Z",
"dateUpdated": "2025-07-29T18:32:30.900Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.