CWE-863
Incorrect Authorization
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
CVE-2025-27696 (GCVE-0-2025-27696)
Vulnerability from cvelistv5 – Published: 2025-05-13 08:21 – Updated: 2025-09-01 09:52
VLAI
Title
Apache Superset: Incorrect authorization leading to resource ownership takeover
Summary
Incorrect Authorization vulnerability in Apache Superset allows ownership takeover of dashboards, charts or datasets by authenticated users with read permissions.
This issue affects Apache Superset: through 4.1.1.
Users are recommended to upgrade to version 4.1.2 or above, which fixes the issue.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Apache Software Foundation | Apache Superset |
Affected:
0 , ≤ 4.1.1
(semver)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-05-13T09:04:04.746Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/05/12/3"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27696",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-13T13:15:33.572744Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-13T13:15:41.686Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache Superset",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "4.1.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jo\u00e3o Marono"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Daniel Gaspar"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIncorrect Authorization vulnerability in Apache Superset allows ownership takeover of dashboards, charts or datasets by authenticated users with read permissions.\u003c/p\u003e\u003cp\u003eThis issue affects Apache Superset: through 4.1.1.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 4.1.2 or above, which fixes the issue.\u003c/p\u003e"
}
],
"value": "Incorrect Authorization vulnerability in Apache Superset allows ownership takeover of dashboards, charts or datasets by authenticated users with read permissions.\n\nThis issue affects Apache Superset: through 4.1.1.\n\nUsers are recommended to upgrade to version 4.1.2 or above, which fixes the issue."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-01T09:52:53.293Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/k2od03bxnxs6vcp80sr03ywcxl194413"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Apache Superset: Incorrect authorization leading to resource ownership takeover",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2025-27696",
"datePublished": "2025-05-13T08:21:21.199Z",
"dateReserved": "2025-03-05T08:57:14.278Z",
"dateUpdated": "2025-09-01T09:52:53.293Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-27715 (GCVE-0-2025-27715)
Vulnerability from cvelistv5 – Published: 2025-03-21 08:22 – Updated: 2025-03-21 13:35
VLAI
Title
Auto-Enrollment of Team Admins into Private Channels without explicit consent
Summary
Mattermost versions 9.11.x <= 9.11.8 fail to prompt for explicit approval before adding a team admin to a private channel, which team admins to joining private channels via crafted permalink links without explicit consent from them.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Mattermost | Mattermost |
Affected:
9.11.0 , ≤ 9.11.8
(semver)
Unaffected: 10.5.0 Unaffected: 9.11.9 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27715",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-21T13:34:00.840353Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-21T13:35:01.832Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Mattermost",
"vendor": "Mattermost",
"versions": [
{
"lessThanOrEqual": "9.11.8",
"status": "affected",
"version": "9.11.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "10.5.0"
},
{
"status": "unaffected",
"version": "9.11.9"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Joram Wilander"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMattermost versions 9.11.x \u0026lt;= 9.11.8 fail to prompt for explicit approval before adding a team admin to a private channel, which team admins to joining private channels via crafted permalink links without explicit consent from them.\u0026nbsp;\u003c/p\u003e"
}
],
"value": "Mattermost versions 9.11.x \u003c= 9.11.8 fail to prompt for explicit approval before adding a team admin to a private channel, which team admins to joining private channels via crafted permalink links without explicit consent from them."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-21T08:22:25.321Z",
"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"shortName": "Mattermost"
},
"references": [
{
"url": "https://mattermost.com/security-updates"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUpdate Mattermost to versions 10.5.0, 9.11.9 or higher.\u003c/p\u003e"
}
],
"value": "Update Mattermost to versions 10.5.0, 9.11.9 or higher."
}
],
"source": {
"advisory": "MMSA-2024-00409",
"defect": [
"https://mattermost.atlassian.net/browse/MM-61846"
],
"discovery": "INTERNAL"
},
"title": "Auto-Enrollment of Team Admins into Private Channels without explicit consent",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"assignerShortName": "Mattermost",
"cveId": "CVE-2025-27715",
"datePublished": "2025-03-21T08:22:25.321Z",
"dateReserved": "2025-03-20T08:20:28.097Z",
"dateUpdated": "2025-03-21T13:35:01.832Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-27822 (GCVE-0-2025-27822)
Vulnerability from cvelistv5 – Published: 2025-03-07 00:00 – Updated: 2025-03-07 22:29
VLAI
Summary
An issue was discovered in the Masquerade module before 1.x-1.0.1 for Backdrop CMS. It allows people to temporarily switch to another user account. The module provides a "Masquerade as admin" permission to restrict people (who can masquerade) from switching to an account with administrative privileges. This permission is not always honored and may allow non-administrative users to masquerade as an administrator. This vulnerability is mitigated by the fact that an attacker must have a role with the "Masquerade as user" permission.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| backdropcms | Masquerade |
Affected:
0 , < 1.x-1.0.1
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27822",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-07T22:29:07.805229Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-07T22:29:21.287Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Masquerade",
"vendor": "backdropcms",
"versions": [
{
"lessThan": "1.x-1.0.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the Masquerade module before 1.x-1.0.1 for Backdrop CMS. It allows people to temporarily switch to another user account. The module provides a \"Masquerade as admin\" permission to restrict people (who can masquerade) from switching to an account with administrative privileges. This permission is not always honored and may allow non-administrative users to masquerade as an administrator. This vulnerability is mitigated by the fact that an attacker must have a role with the \"Masquerade as user\" permission."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-07T21:56:30.548Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://backdropcms.org/security/backdrop-sa-contrib-2025-006"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-27822",
"datePublished": "2025-03-07T00:00:00.000Z",
"dateReserved": "2025-03-07T00:00:00.000Z",
"dateUpdated": "2025-03-07T22:29:21.287Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-27933 (GCVE-0-2025-27933)
Vulnerability from cvelistv5 – Published: 2025-03-21 08:23 – Updated: 2025-03-21 13:32
VLAI
Title
Unauthorized Private-to-Public Channel Conversion
Summary
Mattermost versions 10.4.x <= 10.4.2, 10.3.x <= 10.3.3, 9.11.x <= 9.11.8 fail to fail to enforce channel conversion restrictions, which allows members with permission to convert public channels to private ones to also convert private ones to public
Severity
5.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Mattermost | Mattermost |
Affected:
10.4.0 , ≤ 10.4.2
(semver)
Affected: 10.3.0 , ≤ 10.3.3 (semver) Affected: 9.11.0 , ≤ 9.11.8 (semver) Unaffected: 10.5.0 Unaffected: 10.4.3 Unaffected: 10.3.4 Unaffected: 9.11.9 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27933",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-21T13:32:36.989272Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-21T13:32:57.219Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Mattermost",
"vendor": "Mattermost",
"versions": [
{
"lessThanOrEqual": "10.4.2",
"status": "affected",
"version": "10.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.3.3",
"status": "affected",
"version": "10.3.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.11.8",
"status": "affected",
"version": "9.11.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "10.5.0"
},
{
"status": "unaffected",
"version": "10.4.3"
},
{
"status": "unaffected",
"version": "10.3.4"
},
{
"status": "unaffected",
"version": "9.11.9"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "mrhashimamin"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMattermost versions 10.4.x \u0026lt;= 10.4.2, 10.3.x \u0026lt;= 10.3.3, 9.11.x \u0026lt;= 9.11.8 fail to fail to enforce channel conversion restrictions, which allows members with permission to convert public channels to private ones to also convert private ones to public\u003c/p\u003e"
}
],
"value": "Mattermost versions 10.4.x \u003c= 10.4.2, 10.3.x \u003c= 10.3.3, 9.11.x \u003c= 9.11.8 fail to fail to enforce channel conversion restrictions, which allows members with permission to convert public channels to private ones to also convert private ones to public"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-21T08:23:20.955Z",
"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"shortName": "Mattermost"
},
"references": [
{
"url": "https://mattermost.com/security-updates"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUpdate Mattermost to versions 10.5.0, 10.4.3, 10.3.4, 9.11.9 or higher.\u003c/p\u003e"
}
],
"value": "Update Mattermost to versions 10.5.0, 10.4.3, 10.3.4, 9.11.9 or higher."
}
],
"source": {
"advisory": "MMSA-2025-00418",
"defect": [
"https://mattermost.atlassian.net/browse/MM-62401"
],
"discovery": "EXTERNAL"
},
"title": "Unauthorized Private-to-Public Channel Conversion",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"assignerShortName": "Mattermost",
"cveId": "CVE-2025-27933",
"datePublished": "2025-03-21T08:23:20.955Z",
"dateReserved": "2025-03-20T08:20:28.128Z",
"dateUpdated": "2025-03-21T13:32:57.219Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-29757 (GCVE-0-2025-29757)
Vulnerability from cvelistv5 – Published: 2025-07-19 05:15 – Updated: 2025-07-22 10:05 Exclusively Hosted Service
VLAI
Summary
An incorrect authorisation check in the the 'plant transfer' function of the Growatt cloud service allowed a malicous attacker with a valid account to transfer any plant into his/her account.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://server.growatt.com | product |
| https://oss.growatt.com | product |
| https://csirt.divd.nl/CVE-2025-29757 | third-party-advisory |
| https://csirt.divd.nl/DIVD-2025-00011 | third-party-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Growatt | https://oss.growatt.com |
Affected:
0 , < 13 Jun 2025
(date)
|
|
| Growatt | https://server.growatt.com |
Affected:
0 , < 13 June 2025
(date)
|
Date Public
2025-07-09 22:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-29757",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-21T15:37:51.011826Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-21T15:38:13.225Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "https://oss.growatt.com",
"vendor": "Growatt",
"versions": [
{
"lessThan": "13 Jun 2025",
"status": "affected",
"version": "0",
"versionType": "date"
}
]
},
{
"defaultStatus": "unaffected",
"product": "https://server.growatt.com",
"vendor": "Growatt",
"versions": [
{
"lessThan": "13 June 2025",
"status": "affected",
"version": "0",
"versionType": "date"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Humza Ahmad"
},
{
"lang": "en",
"type": "analyst",
"value": "Frank Breedijk (DIVD)"
}
],
"datePublic": "2025-07-09T22:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An incorrect authorisation check in the the\u0026nbsp;\u0027plant transfer\u0027 function of the Growatt cloud service allowed a malicous attacker with a valid account to transfer any plant into his/her account."
}
],
"value": "An incorrect authorisation check in the the\u00a0\u0027plant transfer\u0027 function of the Growatt cloud service allowed a malicous attacker with a valid account to transfer any plant into his/her account."
}
],
"impacts": [
{
"capecId": "CAPEC-395",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-395 Bypassing Electronic Locks and Access Controls"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "PRESENT",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "CONCENTRATED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:H/S:P/V:C",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-22T10:05:55.465Z",
"orgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
"shortName": "DIVD"
},
"references": [
{
"tags": [
"product"
],
"url": "https://server.growatt.com"
},
{
"tags": [
"product"
],
"url": "https://oss.growatt.com"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://csirt.divd.nl/CVE-2025-29757"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://csirt.divd.nl/DIVD-2025-00011"
}
],
"source": {
"advisory": "DIVD-2025-00011",
"discovery": "EXTERNAL"
},
"tags": [
"exclusively-hosted-service"
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
"assignerShortName": "DIVD",
"cveId": "CVE-2025-29757",
"datePublished": "2025-07-19T05:15:36.810Z",
"dateReserved": "2025-03-11T13:40:29.272Z",
"dateUpdated": "2025-07-22T10:05:55.465Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-29997 (GCVE-0-2025-29997)
Vulnerability from cvelistv5 – Published: 2025-03-13 11:21 – Updated: 2025-03-13 19:34
VLAI
Title
Improper Access Control Vulnerability in CAP back office application
Summary
This vulnerability exists in the CAP back office application due to improper authorization checks on certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating API request URL to gain unauthorized access to other user accounts.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.cert-in.org.in/s2cMainServlet?pageid=… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Rising Technosoft | CAP back office application |
Affected:
<2.0.4
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-29997",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-13T19:34:02.941052Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-13T19:34:11.857Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CAP back office application",
"vendor": "Rising Technosoft",
"versions": [
{
"status": "affected",
"version": "\u003c2.0.4"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "This vulnerability is reported by Mohit Gadiya."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This vulnerability exists in the CAP back office application due to improper authorization checks on certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating API request URL to gain unauthorized access to other user accounts."
}
],
"value": "This vulnerability exists in the CAP back office application due to improper authorization checks on certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating API request URL to gain unauthorized access to other user accounts."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-13T11:21:17.016Z",
"orgId": "66834db9-ab24-42b4-be80-296b2e40335c",
"shortName": "CERT-In"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01\u0026VLCODE=CIVN-2025-0048"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade Rising Technosoft CAP back office application to the version 2.0.4 or later.\u003cbr\u003e"
}
],
"value": "Upgrade Rising Technosoft CAP back office application to the version 2.0.4 or later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper Access Control Vulnerability in CAP back office application",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "66834db9-ab24-42b4-be80-296b2e40335c",
"assignerShortName": "CERT-In",
"cveId": "CVE-2025-29997",
"datePublished": "2025-03-13T11:21:17.016Z",
"dateReserved": "2025-03-13T06:38:16.283Z",
"dateUpdated": "2025-03-13T19:34:11.857Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-30074 (GCVE-0-2025-30074)
Vulnerability from cvelistv5 – Published: 2025-03-16 00:00 – Updated: 2025-03-17 16:03
VLAI
Summary
Alludo Parallels Desktop before 19.4.2 and 20.x before 20.2.2 for macOS on Intel platforms allows privilege escalation to root via the VM creation routine.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://kb.parallels.com/en/130944 |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Parallels | Parallels Desktop |
Affected:
19.3.1 , < 19.4.2
(semver)
Affected: 20.0.0 , < 20.2.2 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-30074",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-17T16:03:24.386795Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-17T16:03:47.139Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Parallels Desktop",
"vendor": "Parallels",
"versions": [
{
"lessThan": "19.4.2",
"status": "affected",
"version": "19.3.1",
"versionType": "semver"
},
{
"lessThan": "20.2.2",
"status": "affected",
"version": "20.0.0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:parallels:parallels_desktop:*:*:*:*:*:*:*:*",
"versionEndExcluding": "19.4.2",
"versionStartIncluding": "19.3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:parallels:parallels_desktop:*:*:*:*:*:*:*:*",
"versionEndExcluding": "20.2.2",
"versionStartIncluding": "20.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Alludo Parallels Desktop before 19.4.2 and 20.x before 20.2.2 for macOS on Intel platforms allows privilege escalation to root via the VM creation routine."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-16T02:19:41.913Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://kb.parallels.com/en/130944"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-30074",
"datePublished": "2025-03-16T00:00:00.000Z",
"dateReserved": "2025-03-16T00:00:00.000Z",
"dateUpdated": "2025-03-17T16:03:47.139Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-30155 (GCVE-0-2025-30155)
Vulnerability from cvelistv5 – Published: 2025-03-31 15:58 – Updated: 2025-03-31 18:18
VLAI
Title
Tuleap does not enforce read permissions on parent trackers in the REST API
Summary
Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap does not enforce read permissions on parent trackers in the REST API. This vulnerability is fixed in Tuleap Community Edition 16.5.99.1742392651 and Tuleap Enterprise Edition 16.5-5 and 16.4-8.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/Enalean/tuleap/security/adviso… | x_refsource_CONFIRM |
| https://github.com/Enalean/tuleap/commit/0921df3a… | x_refsource_MISC |
| https://tuleap.net/plugins/git/tuleap/tuleap/stab… | x_refsource_MISC |
| https://tuleap.net/plugins/tracker/?aid=42237 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-30155",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-31T18:18:05.404015Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-31T18:18:13.265Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "tuleap",
"vendor": "Enalean",
"versions": [
{
"status": "affected",
"version": "\u003c 16.5.99.1742392651"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap does not enforce read permissions on parent trackers in the REST API. This vulnerability is fixed in Tuleap Community Edition 16.5.99.1742392651 and Tuleap Enterprise Edition 16.5-5 and 16.4-8."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-31T15:58:30.058Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/Enalean/tuleap/security/advisories/GHSA-6hr4-h6px-7ppg",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Enalean/tuleap/security/advisories/GHSA-6hr4-h6px-7ppg"
},
{
"name": "https://github.com/Enalean/tuleap/commit/0921df3a1c1aa20fc359b373f001a77c43b1b726",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Enalean/tuleap/commit/0921df3a1c1aa20fc359b373f001a77c43b1b726"
},
{
"name": "https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit\u0026h=0921df3a1c1aa20fc359b373f001a77c43b1b726",
"tags": [
"x_refsource_MISC"
],
"url": "https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit\u0026h=0921df3a1c1aa20fc359b373f001a77c43b1b726"
},
{
"name": "https://tuleap.net/plugins/tracker/?aid=42237",
"tags": [
"x_refsource_MISC"
],
"url": "https://tuleap.net/plugins/tracker/?aid=42237"
}
],
"source": {
"advisory": "GHSA-6hr4-h6px-7ppg",
"discovery": "UNKNOWN"
},
"title": "Tuleap does not enforce read permissions on parent trackers in the REST API"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-30155",
"datePublished": "2025-03-31T15:58:30.058Z",
"dateReserved": "2025-03-17T12:41:42.566Z",
"dateUpdated": "2025-03-31T18:18:13.265Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-30162 (GCVE-0-2025-30162)
Vulnerability from cvelistv5 – Published: 2025-03-24 18:44 – Updated: 2025-03-24 19:30
VLAI
Title
East-west traffic not subject to egress policy enforcement for requests via Gateway API load balancers
Summary
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For Cilium users who use Gateway API for Ingress for some services and use LB-IPAM or BGP for LB Service implementation and use network policies to block egress traffic from workloads in a namespace to workloads in other namespaces, egress traffic from workloads covered by such network policies to LoadBalancers configured by `Gateway` resources will incorrectly be allowed. LoadBalancer resources not deployed via a Gateway API configuration are not affected by this issue. This issue affects: Cilium v1.15 between v1.15.0 and v1.15.14 inclusive, v1.16 between v1.16.0 and v1.16.7 inclusive, and v1.17 between v1.17.0 and v1.17.1 inclusive. This issue is fixed in Cilium v1.15.15, v1.16.8, and v1.17.2. A Clusterwide Cilium Network Policy can be used to work around this issue for users who are unable to upgrade.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/cilium/cilium/security/advisor… | x_refsource_CONFIRM |
| https://github.com/cilium/proxy/pull/1172 | x_refsource_MISC |
| https://docs.cilium.io/en/stable/network/lb-ipam | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-30162",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-24T19:30:05.274525Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-24T19:30:18.385Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "cilium",
"vendor": "cilium",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.16.0, \u003c 1.16.8"
},
{
"status": "affected",
"version": "\u003e= 1.17.0, \u003c 1.17.2"
},
{
"status": "affected",
"version": "\u003e= 1.15.0, \u003c 1.15.15"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For Cilium users who use Gateway API for Ingress for some services and use LB-IPAM or BGP for LB Service implementation and use network policies to block egress traffic from workloads in a namespace to workloads in other namespaces, egress traffic from workloads covered by such network policies to LoadBalancers configured by `Gateway` resources will incorrectly be allowed. LoadBalancer resources not deployed via a Gateway API configuration are not affected by this issue. This issue affects: Cilium v1.15 between v1.15.0 and v1.15.14 inclusive, v1.16 between v1.16.0 and v1.16.7 inclusive, and v1.17 between v1.17.0 and v1.17.1 inclusive. This issue is fixed in Cilium v1.15.15, v1.16.8, and v1.17.2. A Clusterwide Cilium Network Policy can be used to work around this issue for users who are unable to upgrade."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.2,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-24T18:44:07.927Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/cilium/cilium/security/advisories/GHSA-24qp-4xx8-3jvj",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/cilium/cilium/security/advisories/GHSA-24qp-4xx8-3jvj"
},
{
"name": "https://github.com/cilium/proxy/pull/1172",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cilium/proxy/pull/1172"
},
{
"name": "https://docs.cilium.io/en/stable/network/lb-ipam",
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.cilium.io/en/stable/network/lb-ipam"
}
],
"source": {
"advisory": "GHSA-24qp-4xx8-3jvj",
"discovery": "UNKNOWN"
},
"title": "East-west traffic not subject to egress policy enforcement for requests via Gateway API load balancers"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-30162",
"datePublished": "2025-03-24T18:44:07.927Z",
"dateReserved": "2025-03-17T12:41:42.567Z",
"dateUpdated": "2025-03-24T19:30:18.385Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-30163 (GCVE-0-2025-30163)
Vulnerability from cvelistv5 – Published: 2025-03-24 18:46 – Updated: 2025-03-24 19:29
VLAI
Title
Node based network policies may incorrectly allow workload traffic
Summary
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Node based network policies (`fromNodes` and `toNodes`) will incorrectly permit traffic to/from non-node endpoints that share the labels specified in `fromNodes` and `toNodes` sections of network policies. Node based network policy is disabled by default in Cilium. This issue affects: Cilium v1.16 between v1.16.0 and v1.16.7 inclusive and v1.17 between v1.17.0 and v1.17.1 inclusive. This issue is fixed in Cilium v1.16.8 and v1.17.2. Users can work around this issue by ensuring that the labels used in `fromNodes` and `toNodes` fields are used exclusively by nodes and not by other endpoints.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/cilium/cilium/security/advisor… | x_refsource_CONFIRM |
| https://github.com/cilium/cilium/pull/36657 | x_refsource_MISC |
| https://docs.cilium.io/en/stable/security/policy/… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-30163",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-24T19:29:35.777701Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-24T19:29:46.075Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "cilium",
"vendor": "cilium",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.16.0, \u003c 1.16.8"
},
{
"status": "affected",
"version": "\u003e= 1.17.0, \u003c 1.17.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Node based network policies (`fromNodes` and `toNodes`) will incorrectly permit traffic to/from non-node endpoints that share the labels specified in `fromNodes` and `toNodes` sections of network policies. Node based network policy is disabled by default in Cilium. This issue affects: Cilium v1.16 between v1.16.0 and v1.16.7 inclusive and v1.17 between v1.17.0 and v1.17.1 inclusive. This issue is fixed in Cilium v1.16.8 and v1.17.2. Users can work around this issue by ensuring that the labels used in `fromNodes` and `toNodes` fields are used exclusively by nodes and not by other endpoints."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.4,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-24T18:46:35.407Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/cilium/cilium/security/advisories/GHSA-c6pf-2v8j-96mc",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/cilium/cilium/security/advisories/GHSA-c6pf-2v8j-96mc"
},
{
"name": "https://github.com/cilium/cilium/pull/36657",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cilium/cilium/pull/36657"
},
{
"name": "https://docs.cilium.io/en/stable/security/policy/language/#node-based",
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.cilium.io/en/stable/security/policy/language/#node-based"
}
],
"source": {
"advisory": "GHSA-c6pf-2v8j-96mc",
"discovery": "UNKNOWN"
},
"title": "Node based network policies may incorrectly allow workload traffic"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-30163",
"datePublished": "2025-03-24T18:46:35.407Z",
"dateReserved": "2025-03-17T12:41:42.567Z",
"dateUpdated": "2025-03-24T19:29:46.075Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Phase: Architecture and Design
Description:
- Divide the product into anonymous, normal, privileged, and administrative areas. Reduce the attack surface by carefully mapping roles with data and functionality. Use role-based access control (RBAC) [REF-229] to enforce the roles at the appropriate boundaries.
- Note that this approach may not protect against horizontal authorization, i.e., it will not protect a user from attacking others with the same role.
Mitigation
Phase: Architecture and Design
Description:
- Ensure that access control checks are performed related to the business logic. These checks may be different than the access control checks that are applied to more generic resources such as files, connections, processes, memory, and database records. For example, a database may restrict access for medical records to a specific database user, but each record might only be intended to be accessible to the patient and the patient's doctor [REF-7].
Mitigation ID: MIT-4.4
Phase: Architecture and Design
Strategy: Libraries or Frameworks
Description:
- Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
- For example, consider using authorization frameworks such as the JAAS Authorization Framework [REF-233] and the OWASP ESAPI Access Control feature [REF-45].
Mitigation
Phase: Architecture and Design
Description:
- For web applications, make sure that the access control mechanism is enforced correctly at the server side on every page. Users should not be able to access any unauthorized functionality or information by simply requesting direct access to that page.
- One way to do this is to ensure that all pages containing sensitive information are not cached, and that all such pages restrict access to requests that are accompanied by an active and authenticated session token associated with a user who has the required permissions to access that page.
Mitigation
Phases: System Configuration, Installation
Description:
- Use the access control capabilities of your operating system and server environment and define your access control lists accordingly. Use a "default deny" policy when defining these ACLs.
No CAPEC attack patterns related to this CWE.