CWE-358
Improperly Implemented Security Check for Standard
The product does not implement or incorrectly implements one or more security-relevant checks as specified by the design of a standardized algorithm, protocol, or technique.
CVE-2025-13333 (GCVE-0-2025-13333)
Vulnerability from cvelistv5 – Published: 2026-02-17 22:45 – Updated: 2026-02-18 20:41
VLAI
Title
IBM WebSphere Application Server could provide weaker than expected security
Summary
IBM WebSphere Application Server 9.0, and 8.5 could provide weaker than expected security during system administration of security settings.
Severity
4.4 (Medium)
CWE
- CWE-358 - Improperly Implemented Security Check for Standard
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7260217 | vendor-advisorypatch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | WebSphere Application Server |
Affected:
9.0 , ≤ 9.0.5.27
(semver)
Affected: 8.5 , ≤ 8.5.5.29 (semver) cpe:2.3:a:ibm:websphere_application_server:9.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:websphere_application_server:9.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:websphere_application_server:8.5:*:*:*:*:*:*:* cpe:2.3:a:ibm:websphere_application_server:8.5.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13333",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-18T20:41:47.988272Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-18T20:41:58.252Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:websphere_application_server:9.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:websphere_application_server:9.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:websphere_application_server:8.5:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:websphere_application_server:8.5.0:*:*:*:*:*:*:*"
],
"product": "WebSphere Application Server",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "9.0.5.27",
"status": "affected",
"version": "9.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.5.5.29",
"status": "affected",
"version": "8.5",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM WebSphere Application Server 9.0, and 8.5 could provide weaker than expected security during system administration of security settings.\u003c/p\u003e"
}
],
"value": "IBM WebSphere Application Server 9.0, and 8.5 could provide weaker than expected security during system administration of security settings."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-358",
"description": "CWE-358 Improperly Implemented Security Check for Standard",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-17T22:45:10.891Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7260217"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM strongly recommends addressing the vulnerability now by applying a currently available interim fix or fix pack that contains the fix for APAR PH68976.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAttention: After installing the interim fix or fixpack, please follow the additional instructions provided in the interim fix link referenced below to complete the remediation.\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFor IBM WebSphere Application Server traditional:\u003c/strong\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFor V9.0.0.0 through 9.0.5.26:\u003c/strong\u003e\u003cbr\u003e\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/node/7260117\"\u003ePH68976\u003c/a\u003e\u0026nbsp;and \u003cstrong\u003ecarefully follow the instructions for steps required after fix installation.\u003c/strong\u003e\u003cbr\u003e--OR--\u003cbr\u003e\u00b7 Apply Fix Pack 9.0.5.27 or later (targeted availability 1Q2026) and \u003cstrong\u003ecarefully follow the instructions in \u003c/strong\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/node/7260117\"\u003ePH68976\u003c/a\u003e\u003cstrong\u003e\u0026nbsp;for steps required after fixpack installation.\u003c/strong\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFor V8.5.0.0 through 8.5.5.29:\u003c/strong\u003e\u003cbr\u003e\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/node/7260117\"\u003ePH68976\u003c/a\u003e\u0026nbsp;and \u003cstrong\u003ecarefully follow the instructions for steps required after fix installation.\u003c/strong\u003e\u003cbr\u003e--OR--\u003cbr\u003e\u00b7 Apply Fix Pack 8.5.5.30 or later (targeted availability 3Q2026) and \u003cstrong\u003ecarefully follow the instructions in \u003c/strong\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/node/7260117\"\u003ePH68976\u003c/a\u003e\u003cstrong\u003e\u0026nbsp;for steps required after fixpack installation.\u003c/strong\u003e\u003c/p\u003e\u003cp\u003eAdditional interim fixes may be available and linked off the interim fix download page.\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "IBM strongly recommends addressing the vulnerability now by applying a currently available interim fix or fix pack that contains the fix for APAR PH68976.\n\nAttention: After installing the interim fix or fixpack, please follow the additional instructions provided in the interim fix link referenced below to complete the remediation.\u00a0\n\nFor IBM WebSphere Application Server traditional:\n\nFor V9.0.0.0 through 9.0.5.26:\n\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves PH68976 https://www.ibm.com/support/pages/node/7260117 \u00a0and carefully follow the instructions for steps required after fix installation.\n--OR--\n\u00b7 Apply Fix Pack 9.0.5.27 or later (targeted availability 1Q2026) and carefully follow the instructions in PH68976 https://www.ibm.com/support/pages/node/7260117 \u00a0for steps required after fixpack installation.\n\nFor V8.5.0.0 through 8.5.5.29:\n\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves PH68976 https://www.ibm.com/support/pages/node/7260117 \u00a0and carefully follow the instructions for steps required after fix installation.\n--OR--\n\u00b7 Apply Fix Pack 8.5.5.30 or later (targeted availability 3Q2026) and carefully follow the instructions in PH68976 https://www.ibm.com/support/pages/node/7260117 \u00a0for steps required after fixpack installation.\n\nAdditional interim fixes may be available and linked off the interim fix download page."
}
],
"title": "IBM WebSphere Application Server could provide weaker than expected security",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-13333",
"datePublished": "2026-02-17T22:45:10.891Z",
"dateReserved": "2025-11-17T19:53:28.144Z",
"dateUpdated": "2026-02-18T20:41:58.252Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-21267 (GCVE-0-2025-21267)
Vulnerability from cvelistv5 – Published: 2025-02-06 22:41 – Updated: 2026-02-13 19:44
VLAI
Title
Microsoft Edge (Chromium-based) Spoofing Vulnerability
Summary
Microsoft Edge (Chromium-based) Spoofing Vulnerability
Severity
CWE
- CWE-358 - Improperly Implemented Security Check for Standard
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisorypatch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Microsoft Edge (Chromium-based) |
Affected:
1.0.0.0 , < 133.0.3065.51
(custom)
|
Date Public
2025-02-06 08:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-21267",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-07T16:02:48.539916Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-07T16:04:56.879Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Edge (Chromium-based)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "133.0.3065.51",
"status": "affected",
"version": "1.0.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*",
"versionEndExcluding": "133.0.3065.51",
"versionStartIncluding": "1.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2025-02-06T08:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Edge (Chromium-based) Spoofing Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-358",
"description": "CWE-358: Improperly Implemented Security Check for Standard",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-13T19:44:24.425Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Edge (Chromium-based) Spoofing Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21267"
}
],
"title": "Microsoft Edge (Chromium-based) Spoofing Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2025-21267",
"datePublished": "2025-02-06T22:41:30.311Z",
"dateReserved": "2024-12-10T23:54:12.935Z",
"dateUpdated": "2026-02-13T19:44:24.425Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-25255 (GCVE-0-2025-25255)
Vulnerability from cvelistv5 – Published: 2025-10-14 15:23 – Updated: 2026-01-14 09:18
VLAI
Summary
An Improperly Implemented Security Check for Standard vulnerability [CWE-358] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4.0 through 7.4.11, FortiProxy 7.2 all versions, FortiProxy 7.0.1 through 7.0.22 may allow an unauthenticated proxy user to bypass the domain fronting protection feature via crafted HTTP requests.
Severity
CWE
- CWE-358 - Improper access control
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Fortinet | FortiOS |
Affected:
7.6.0 , ≤ 7.6.3
(semver)
cpe:2.3:o:fortinet:fortios:7.6.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.6.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.6.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:* |
|
| Fortinet | FortiProxy |
Affected:
7.6.0 , ≤ 7.6.3
(semver)
Affected: 7.4.0 , ≤ 7.4.11 (semver) Affected: 7.2.0 , ≤ 7.2.15 (semver) Affected: 7.0.1 , ≤ 7.0.22 (semver) cpe:2.3:a:fortinet:fortiproxy:7.6.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.6.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.6.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.6.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.4.11:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.4.10:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.4.9:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.4.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.4.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.4.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.2.15:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.2.14:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.2.13:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.2.12:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.2.11:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.2.10:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.2.9:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.2.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.2.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.2.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.2.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.2.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.2.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.2.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.2.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.22:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.21:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.20:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.19:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.18:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.17:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.16:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.15:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.14:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.13:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.12:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.11:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.10:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.9:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.1:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-25255",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-15T13:14:31.720498Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-15T13:14:42.343Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:o:fortinet:fortios:7.6.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.6.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.6.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiOS",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.6.3",
"status": "affected",
"version": "7.6.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortiproxy:7.6.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.6.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.6.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.4.11:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.4.10:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.4.9:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.4.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.4.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.4.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.2.15:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.2.14:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.2.13:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.2.12:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.2.11:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.2.10:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.2.9:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.2.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.2.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.2.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.2.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.2.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.22:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.21:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.20:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.19:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.18:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.17:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.16:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.15:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.14:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.13:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.12:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.11:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.10:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.9:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiProxy",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.6.3",
"status": "affected",
"version": "7.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.4.11",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.15",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.22",
"status": "affected",
"version": "7.0.1",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An Improperly Implemented Security Check for Standard vulnerability [CWE-358] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4.0 through 7.4.11, FortiProxy 7.2 all versions, FortiProxy 7.0.1 through 7.0.22 may allow an unauthenticated proxy user to bypass the domain fronting protection feature via crafted HTTP requests."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-358",
"description": "Improper access control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T09:18:28.360Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-372",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-372"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to FortiOS version 7.6.4 or above\nUpgrade to FortiProxy version 7.6.4 or above\nUpgrade to FortiProxy version 7.4.12 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2025-25255",
"datePublished": "2025-10-14T15:23:09.821Z",
"dateReserved": "2025-02-05T13:31:18.867Z",
"dateUpdated": "2026-01-14T09:18:28.360Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-31969 (GCVE-0-2025-31969)
Vulnerability from cvelistv5 – Published: 2025-10-12 07:37 – Updated: 2025-10-14 14:06
VLAI
Title
HCL Unica Platform is impacted by misconfigured Content Security Policy (CSP)
Summary
HCL Unica Platform is impacted by misconfigured Content Security Policy (CSP). These can result in malicious resources getting loaded and browsers may come across certain types of attacks, such as cross-site scripting and clickjacking.
Severity
4 (Medium)
CWE
- CWE-358 - Improperly Implemented Security Check for Standard
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| HCL Software | Unica Platform |
Affected:
<= 25.1
|
Date Public
2025-10-12 06:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-31969",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-14T13:29:03.592166Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-14T14:06:18.566Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Unica Platform",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "\u003c= 25.1"
}
]
}
],
"datePublic": "2025-10-12T06:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "HCL Unica Platform is impacted by misconfigured Content Security Policy (CSP). These can result in malicious resources getting loaded and browsers may come across certain types of attacks, such as cross-site scripting and clickjacking.\u003cbr\u003e"
}
],
"value": "HCL Unica Platform is impacted by misconfigured Content Security Policy (CSP). These can result in malicious resources getting loaded and browsers may come across certain types of attacks, such as cross-site scripting and clickjacking."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-358",
"description": "CWE-358 Improperly Implemented Security Check for Standard",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-12T07:37:24.785Z",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0124417"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HCL Unica Platform is impacted by misconfigured Content Security Policy (CSP)",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2025-31969",
"datePublished": "2025-10-12T07:37:24.785Z",
"dateReserved": "2025-04-01T18:46:23.152Z",
"dateUpdated": "2025-10-14T14:06:18.566Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-31970 (GCVE-0-2025-31970)
Vulnerability from cvelistv5 – Published: 2026-05-06 10:22 – Updated: 2026-05-07 13:09
VLAI
Title
HCL DFXAnalytics is affected by an Insecure Security Header configuration vulnerability
Summary
HCL DFXAnalytics is affected by an Insecure Security Header configuration vulnerability where the Content-Security-Policy does not define strict directives for object-src and base-uri, which could allow an attacker to exploit injection vectors such as Cross-Site Scripting (XSS)
Severity
5.3 (Medium)
CWE
- CWE-358 - Improperly Implemented Security Check for Standard
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| HCL | DFXAnalytics |
Affected:
3.1 and below
|
Date Public
2026-05-06 14:30
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-31970",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-06T14:12:49.904940Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-07T13:09:17.233Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DFXAnalytics",
"vendor": "HCL",
"versions": [
{
"status": "affected",
"version": "3.1 and below"
}
]
}
],
"datePublic": "2026-05-06T14:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "HCL DFXAnalytics is affected by an Insecure Security Header configuration vulnerability where the Content-Security-Policy does not define strict directives for object-src and base-uri, which could allow an attacker to exploit injection vectors such as Cross-Site Scripting (XSS)"
}
],
"value": "HCL DFXAnalytics is affected by an Insecure Security Header configuration vulnerability where the Content-Security-Policy does not define strict directives for object-src and base-uri, which could allow an attacker to exploit injection vectors such as Cross-Site Scripting (XSS)"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-358",
"description": "CWE-358: Improperly Implemented Security Check for Standard",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-06T10:22:41.866Z",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0130569"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HCL DFXAnalytics is affected by an Insecure Security Header configuration vulnerability",
"x_generator": {
"engine": "Vulnogram 1.0.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2025-31970",
"datePublished": "2026-05-06T10:22:41.866Z",
"dateReserved": "2025-04-01T18:46:23.152Z",
"dateUpdated": "2026-05-07T13:09:17.233Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-31983 (GCVE-0-2025-31983)
Vulnerability from cvelistv5 – Published: 2026-05-06 13:40 – Updated: 2026-05-06 14:49
VLAI
Title
HCL BigFix Service Management (SM) is affected by a security misconfiguration vulnerability due to CSP header
Summary
HCL BigFix Service Management (SM) is affected by a security misconfiguration vulnerability due to CSP header. This could allow attackers to inject malicious scripts increasing the risk of cross-site scripting (XSS) and potential exposure of sensitive information.
Severity
CWE
- CWE-358 - Improperly Implemented Security Check for Standard
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| HCL | BigFix Service Management (SM) |
Affected:
23
|
Date Public
2026-05-06 16:15
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-31983",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-06T14:48:57.788021Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-06T14:49:05.461Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "BigFix Service Management (SM)",
"vendor": "HCL",
"versions": [
{
"status": "affected",
"version": "23"
}
]
}
],
"datePublic": "2026-05-06T16:15:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "HCL BigFix Service Management (SM) is affected by a security misconfiguration vulnerability due to CSP header. This could allow attackers to inject malicious scripts increasing the risk of cross-site scripting (XSS) and potential exposure of sensitive information."
}
],
"value": "HCL BigFix Service Management (SM) is affected by a security misconfiguration vulnerability due to CSP header. This could allow attackers to inject malicious scripts increasing the risk of cross-site scripting (XSS) and potential exposure of sensitive information."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-358",
"description": "CWE-358: Improperly Implemented Security Check for Standard",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-06T13:40:41.736Z",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0128144"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HCL BigFix Service Management (SM) is affected by a security misconfiguration vulnerability due to CSP header",
"x_generator": {
"engine": "Vulnogram 1.0.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2025-31983",
"datePublished": "2026-05-06T13:40:41.736Z",
"dateReserved": "2025-04-01T18:46:33.655Z",
"dateUpdated": "2026-05-06T14:49:05.461Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-32086 (GCVE-0-2025-32086)
Vulnerability from cvelistv5 – Published: 2025-08-12 16:59 – Updated: 2026-02-26 17:49
VLAI
Summary
Improperly implemented security check for standard in the DDRIO configuration for some Intel(R) Xeon(R) 6 Processors when using Intel(R) SGX or Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access.
Severity
7.2 (High)
CWE
- Escalation of Privilege
- CWE-358 - Improperly Implemented Security Check for Standard
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Intel(R) Xeon(R) 6 Processors when using Intel(R) SGX or Intel(R) TDX |
Affected:
See references
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-32086",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-13T15:04:21.323278Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T17:49:25.134Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T17:32:29.530Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00027.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) Xeon(R) 6 Processors when using Intel(R) SGX or Intel(R) TDX",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "See references"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improperly implemented security check for standard in the DDRIO configuration for some Intel(R) Xeon(R) 6 Processors when using Intel(R) SGX or Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"cvssV4_0": {
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Escalation of Privilege",
"lang": "en"
},
{
"cweId": "CWE-358",
"description": "Improperly Implemented Security Check for Standard",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T16:59:38.650Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01367.html",
"url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01367.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2025-32086",
"datePublished": "2025-08-12T16:59:38.650Z",
"dateReserved": "2025-04-04T03:00:34.367Z",
"dateUpdated": "2026-02-26T17:49:25.134Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-49011 (GCVE-0-2025-49011)
Vulnerability from cvelistv5 – Published: 2025-06-06 17:36 – Updated: 2025-06-06 21:33
VLAI
Title
SpiceDB checks involving relations with caveats can result in no permission when permission is expected
Summary
SpiceDB is an open source database for storing and querying fine-grained authorization data. Prior to version 1.44.2, on schemas involving arrows with caveats on the arrow’ed relation, when the path to resolve a CheckPermission request involves the evaluation of multiple caveated branches, requests may return a negative response when a positive response is expected. Version 1.44.2 fixes the issue. As a workaround, do not use caveats in the schema over an arrow’ed relation.
Severity
CWE
- CWE-358 - Improperly Implemented Security Check for Standard
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/authzed/spicedb/security/advis… | x_refsource_CONFIRM |
| https://github.com/authzed/spicedb/commit/fe8dd9f… | x_refsource_MISC |
| https://github.com/authzed/spicedb/releases/tag/v1.44.2 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-49011",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-06T18:38:07.236832Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-06T18:38:24.599Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "spicedb",
"vendor": "authzed",
"versions": [
{
"status": "affected",
"version": "\u003c 1.44.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SpiceDB is an open source database for storing and querying fine-grained authorization data. Prior to version 1.44.2, on schemas involving arrows with caveats on the arrow\u2019ed relation, when the path to resolve a CheckPermission request involves the evaluation of multiple caveated branches, requests may return a negative response when a positive response is expected. Version 1.44.2 fixes the issue. As a workaround, do not use caveats in the schema over an arrow\u2019ed relation."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-358",
"description": "CWE-358: Improperly Implemented Security Check for Standard",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-06T21:33:23.317Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/authzed/spicedb/security/advisories/GHSA-cwwm-hr97-qfxm",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/authzed/spicedb/security/advisories/GHSA-cwwm-hr97-qfxm"
},
{
"name": "https://github.com/authzed/spicedb/commit/fe8dd9f491f6975b3408c401e413a530eb181a67",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/authzed/spicedb/commit/fe8dd9f491f6975b3408c401e413a530eb181a67"
},
{
"name": "https://github.com/authzed/spicedb/releases/tag/v1.44.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/authzed/spicedb/releases/tag/v1.44.2"
}
],
"source": {
"advisory": "GHSA-cwwm-hr97-qfxm",
"discovery": "UNKNOWN"
},
"title": "SpiceDB checks involving relations with caveats can result in no permission when permission is expected"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-49011",
"datePublished": "2025-06-06T17:36:21.747Z",
"dateReserved": "2025-05-29T16:34:07.176Z",
"dateUpdated": "2025-06-06T21:33:23.317Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-58308 (GCVE-0-2025-58308)
Vulnerability from cvelistv5 – Published: 2025-11-28 03:04 – Updated: 2025-11-28 14:59
VLAI
Summary
Vulnerability of improper criterion security check in the call module.
Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.
Severity
7.3 (High)
CWE
- CWE-358 - Improperly Implemented Security Check for Standard
Assigner
References
1 reference
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-58308",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-28T14:59:09.510142Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-28T14:59:16.172Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HarmonyOS",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "5.1.0"
},
{
"status": "affected",
"version": "5.0.1"
},
{
"status": "affected",
"version": "6.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Vulnerability of improper criterion security check in the call module.\u003cbr\u003eImpact: Successful exploitation of this vulnerability may cause features to perform abnormally."
}
],
"value": "Vulnerability of improper criterion security check in the call module.\nImpact: Successful exploitation of this vulnerability may cause features to perform abnormally."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-358",
"description": "CWE-358 Improperly Implemented Security Check for Standard",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-28T03:04:29.657Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2025/11/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2025-58308",
"datePublished": "2025-11-28T03:04:29.657Z",
"dateReserved": "2025-08-28T06:15:10.974Z",
"dateUpdated": "2025-11-28T14:59:16.172Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-59147 (GCVE-0-2025-59147)
Vulnerability from cvelistv5 – Published: 2025-10-01 19:27 – Updated: 2025-10-01 19:42
VLAI
Title
Suricata is Vulnerable to Detection Bypass via Crafted Multiple SYN Packets
Summary
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Versions 7.0.11 and below, as well as 8.0.0, are vulnerable to detection bypass when crafted traffic sends multiple SYN packets with different sequence numbers within the same flow tuple, which can cause Suricata to fail to pick up the TCP session. In IDS mode this can lead to a detection and logging bypass. In IPS mode this will lead to the flow getting blocked. This issue is fixed in versions 7.0.12 and 8.0.1.
Severity
7.5 (High)
CWE
- CWE-358 - Improperly Implemented Security Check for Standard
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/OISF/suricata/security/advisor… | x_refsource_CONFIRM |
| https://github.com/OISF/suricata/commit/be6315dba… | x_refsource_MISC |
| https://github.com/OISF/suricata/commit/e91b03c90… | x_refsource_MISC |
| https://forum.suricata.io/t/suricata-8-0-1-and-7-… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-59147",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:42:12.196265Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:42:24.032Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "suricata",
"vendor": "OISF",
"versions": [
{
"status": "affected",
"version": "\u003c 7.0.12"
},
{
"status": "affected",
"version": "\u003e= 8.0.0, \u003c 8.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Versions 7.0.11 and below, as well as 8.0.0, are vulnerable to detection bypass when crafted traffic sends multiple SYN packets with different sequence numbers within the same flow tuple, which can cause Suricata to fail to pick up the TCP session. In IDS mode this can lead to a detection and logging bypass. In IPS mode this will lead to the flow getting blocked. This issue is fixed in versions 7.0.12 and 8.0.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-358",
"description": "CWE-358: Improperly Implemented Security Check for Standard",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:27:55.639Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/OISF/suricata/security/advisories/GHSA-v8hv-6v7x-4c2r",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OISF/suricata/security/advisories/GHSA-v8hv-6v7x-4c2r"
},
{
"name": "https://github.com/OISF/suricata/commit/be6315dba0d9101b11d16e9dacfe2822b3792f1b",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OISF/suricata/commit/be6315dba0d9101b11d16e9dacfe2822b3792f1b"
},
{
"name": "https://github.com/OISF/suricata/commit/e91b03c90385db15e21cf1a0e85b921bf92b039e",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OISF/suricata/commit/e91b03c90385db15e21cf1a0e85b921bf92b039e"
},
{
"name": "https://forum.suricata.io/t/suricata-8-0-1-and-7-0-12-released/6018",
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.suricata.io/t/suricata-8-0-1-and-7-0-12-released/6018"
}
],
"source": {
"advisory": "GHSA-v8hv-6v7x-4c2r",
"discovery": "UNKNOWN"
},
"title": "Suricata is Vulnerable to Detection Bypass via Crafted Multiple SYN Packets"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-59147",
"datePublished": "2025-10-01T19:27:55.639Z",
"dateReserved": "2025-09-09T15:23:16.326Z",
"dateUpdated": "2025-10-01T19:42:24.032Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.