CWE-288
AllowedAuthentication Bypass Using an Alternate Path or Channel
Abstraction: Base · Status: Incomplete
The product requires authentication, but the product has an alternate path or channel that does not require authentication.
1072 vulnerabilities reference this CWE, most recent first.
CVE-2025-3639 (GCVE-0-2025-3639)
Vulnerability from cvelistv5 – Published: 2025-08-18 16:48 – Updated: 2025-08-18 19:51- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
| Vendor | Product | Version | |
|---|---|---|---|
| Liferay | Portal |
Affected:
7.3.0 , ≤ 7.4.3.132
(maven)
|
|
| Liferay | DXP |
Affected:
7.3.10 , ≤ 7.3.10-u36
(maven)
Affected: 7.4.13 , ≤ 7.4.13-u92 (maven) Affected: 2024.Q1.1 , ≤ 2024.Q1.15 (maven) Affected: 2024Q2.0 , ≤ 2023.Q2.13 (maven) Affected: 2024.Q3.1 , ≤ 2024.Q3.13 (maven) Affected: 2024.Q4.0 , ≤ 2024.Q4.7 (maven) Affected: 2025.Q1.0 , ≤ 2025.Q1.6 (maven) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3639",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-18T19:51:41.548713Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-18T19:51:51.759Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Portal",
"vendor": "Liferay",
"versions": [
{
"lessThanOrEqual": "7.4.3.132",
"status": "affected",
"version": "7.3.0",
"versionType": "maven"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DXP",
"vendor": "Liferay",
"versions": [
{
"lessThanOrEqual": "7.3.10-u36",
"status": "affected",
"version": "7.3.10",
"versionType": "maven"
},
{
"lessThanOrEqual": "7.4.13-u92",
"status": "affected",
"version": "7.4.13",
"versionType": "maven"
},
{
"lessThanOrEqual": "2024.Q1.15",
"status": "affected",
"version": "2024.Q1.1",
"versionType": "maven"
},
{
"lessThanOrEqual": "2023.Q2.13",
"status": "affected",
"version": "2024Q2.0",
"versionType": "maven"
},
{
"lessThanOrEqual": "2024.Q3.13",
"status": "affected",
"version": "2024.Q3.1",
"versionType": "maven"
},
{
"lessThanOrEqual": "2024.Q4.7",
"status": "affected",
"version": "2024.Q4.0",
"versionType": "maven"
},
{
"lessThanOrEqual": "2025.Q1.6",
"status": "affected",
"version": "2025.Q1.0",
"versionType": "maven"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Liferay Portal 7.3.0 through 7.4.3.132, and Liferay DXP 2025.Q1 through 2025.Q1.6, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15, 7.4 GA through update 92 and 7.3 GA through update 36 allows unauthenticated users with valid credentials to bypass the login process by changing the POST method to GET, once the site has MFA enabled."
}
],
"value": "Liferay Portal 7.3.0 through 7.4.3.132, and Liferay DXP 2025.Q1 through 2025.Q1.6, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15, 7.4 GA through update 92 and 7.3 GA through update 36 allows unauthenticated users with valid credentials to bypass the login process by changing the POST method to GET, once the site has MFA enabled."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 2,
"baseSeverity": "LOW",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288: Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-18T16:48:41.222Z",
"orgId": "8b54e794-c6f0-462e-9faa-c1001a673ac3",
"shortName": "Liferay"
},
"references": [
{
"url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-3639"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "8b54e794-c6f0-462e-9faa-c1001a673ac3",
"assignerShortName": "Liferay",
"cveId": "CVE-2025-3639",
"datePublished": "2025-08-18T16:48:41.222Z",
"dateReserved": "2025-04-15T11:49:52.301Z",
"dateUpdated": "2025-08-18T19:51:51.759Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-2747 (GCVE-0-2025-2747)
Vulnerability from cvelistv5 – Published: 2025-03-24 18:17 – Updated: 2026-02-26 19:09- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
| URL | Tags |
|---|---|
| https://labs.watchtowr.com/bypassing-authenticati… | technical-descriptionexploit |
| https://devnet.kentico.com/download/hotfixes | vendor-advisorypatch |
| https://github.com/watchtowrlabs/kentico-xperienc… | exploit |
| https://www.vulncheck.com/advisories/kentico-xper… | third-party-advisory |
| https://www.cisa.gov/known-exploited-vulnerabilit… | government-resource |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2747",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-21T03:55:14.273868Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-10-20",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-2747"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T19:09:15.890Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-2747"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-10-20T00:00:00.000Z",
"value": "CVE-2025-2747 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Staging"
],
"product": "Xperience",
"vendor": "Kentico",
"versions": [
{
"lessThanOrEqual": "13.0.178",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kentico:xperience:*:*:*:*:*:*:*:*",
"versionEndIncluding": "13.0.178",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Piotr Bazydlo (watchTowr)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An authentication bypass vulnerability in Kentico Xperience allows authentication bypass via the Staging Sync Server component password handling for the server defined None type. Authentication bypass allows an attacker to control administrative objects.\u003cp\u003eThis issue affects Xperience through 13.0.178.\u003c/p\u003e"
}
],
"value": "An authentication bypass vulnerability in Kentico Xperience allows authentication bypass via the Staging Sync Server component password handling for the server defined None type. Authentication bypass allows an attacker to control administrative objects.This issue affects Xperience through 13.0.178."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-17T19:32:55.200Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"technical-description",
"exploit"
],
"url": "https://labs.watchtowr.com/bypassing-authentication-like-its-the-90s-pre-auth-rce-chain-s-in-kentico-xperience-cms/"
},
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://devnet.kentico.com/download/hotfixes"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/watchtowrlabs/kentico-xperience13-AuthBypass-wt-2025-0011"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/kentico-xperience-staging-sync-server-none-password-type-authentication-bypass"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Kentico Xperience \u003c= 13.0.178 Staging Sync Server None Password Type Authentication Bypass",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2025-2747",
"datePublished": "2025-03-24T18:17:06.079Z",
"dateReserved": "2025-03-24T16:39:13.884Z",
"dateUpdated": "2026-02-26T19:09:15.890Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-2746 (GCVE-0-2025-2746)
Vulnerability from cvelistv5 – Published: 2025-03-24 18:16 – Updated: 2026-02-26 19:09- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
| URL | Tags |
|---|---|
| https://labs.watchtowr.com/bypassing-authenticati… | technical-descriptionexploit |
| https://devnet.kentico.com/download/hotfixes | vendor-advisorypatch |
| https://github.com/watchtowrlabs/kentico-xperienc… | exploit |
| https://www.vulncheck.com/advisories/kentico-xper… | third-party-advisory |
| https://www.cisa.gov/known-exploited-vulnerabilit… | government-resource |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2746",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-21T03:55:13.097447Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-10-20",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-2746"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T19:09:16.392Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-2746"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-10-20T00:00:00.000Z",
"value": "CVE-2025-2746 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Staging"
],
"product": "Xperience",
"vendor": "Kentico",
"versions": [
{
"lessThanOrEqual": "13.0.172",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kentico:xperience:*:*:*:*:*:*:*:*",
"versionEndIncluding": "13.0.172",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Piotr Bazydlo (watchTowr)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An authentication bypass vulnerability in Kentico Xperience allows authentication bypass via the Staging Sync Server password handling of empty SHA1 usernames in digest authentication. Authentication bypass allows an attacker to control administrative objects.\u003cp\u003eThis issue affects Xperience through 13.0.172.\u003c/p\u003e"
}
],
"value": "An authentication bypass vulnerability in Kentico Xperience allows authentication bypass via the Staging Sync Server password handling of empty SHA1 usernames in digest authentication. Authentication bypass allows an attacker to control administrative objects.This issue affects Xperience through 13.0.172."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-17T19:32:37.733Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"technical-description",
"exploit"
],
"url": "https://labs.watchtowr.com/bypassing-authentication-like-its-the-90s-pre-auth-rce-chain-s-in-kentico-xperience-cms/"
},
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://devnet.kentico.com/download/hotfixes"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/watchtowrlabs/kentico-xperience13-AuthBypass-wt-2025-0011"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/kentico-xperience-staging-sync-server-digest-password-authentication-bypass"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Kentico Xperience \u003c= 13.0.172 Staging Sync Server Digest Password Authentication Bypass",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2025-2746",
"datePublished": "2025-03-24T18:16:04.022Z",
"dateReserved": "2025-03-24T16:39:11.689Z",
"dateUpdated": "2026-02-26T19:09:16.392Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-2492 (GCVE-0-2025-2492)
Vulnerability from cvelistv5 – Published: 2025-04-18 08:57 – Updated: 2026-02-24 00:18- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
| URL | Tags |
|---|---|
| https://www.asus.com/content/asus-product-securit… | vendor-advisory |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2492",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-18T11:36:20.661021Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-18T12:00:06.866Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Router",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "3.0.0.4_382 series"
},
{
"status": "affected",
"version": "3.0.0.4_386 series"
},
{
"status": "affected",
"version": "3.0.0.4_388 series"
},
{
"status": "affected",
"version": "3.0.0.6_102 series"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Nanyu Zhong of VARAS@IIE"
},
{
"lang": "en",
"type": "reporter",
"value": "NICTER Analysis Team of Cybersecurity Research Institute, National Institute of Information and Communications Technology"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An improper authentication control vulnerability exists in AiCloud. This vulnerability can be triggered by a crafted request, potentially leading to unauthorized execution of functions.\u003cbr\u003e\n\n\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003eRefer to the \u0027ASUS Router AiCloud vulnerability\u0027 section on the ASUS Security Advisory for more information.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "An improper authentication control vulnerability exists in AiCloud. This vulnerability can be triggered by a crafted request, potentially leading to unauthorized execution of functions.\n\n\nRefer to the \u0027ASUS Router AiCloud vulnerability\u0027 section on the ASUS Security Advisory for more information."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 9.2,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288: Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-24T00:18:59.984Z",
"orgId": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1",
"shortName": "ASUS"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.asus.com/content/asus-product-security-advisory/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1",
"assignerShortName": "ASUS",
"cveId": "CVE-2025-2492",
"datePublished": "2025-04-18T08:57:23.793Z",
"dateReserved": "2025-03-18T09:23:01.928Z",
"dateUpdated": "2026-02-24T00:18:59.984Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-2080 (GCVE-0-2025-2080)
Vulnerability from cvelistv5 – Published: 2025-03-13 16:57 – Updated: 2025-03-13 18:46- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
| URL | Tags |
|---|---|
| https://www.cisa.gov/news-events/ics-advisories/i… | government-resource |
| Vendor | Product | Version | |
|---|---|---|---|
| Optigo Networks | Visual BACnet Capture Tool |
Affected:
3.1.2rc11
|
|
| Optigo Networks | Optigo Visual Networks Capture Tool |
Affected:
3.1.2rc11
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2080",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-13T18:46:34.960491Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-13T18:46:42.625Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Visual BACnet Capture Tool",
"vendor": "Optigo Networks",
"versions": [
{
"status": "affected",
"version": "3.1.2rc11"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Optigo Visual Networks Capture Tool",
"vendor": "Optigo Networks",
"versions": [
{
"status": "affected",
"version": "3.1.2rc11"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Tomer Goldschmidt of Claroty Team82"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003eOptigo Networks Visual BACnet Capture Tool and Optigo Visual Networks Capture Tool version 3.1.2rc11 contain an exposed web management service that could allow an attacker to bypass authentication measures and gain controls over utilities within the products.\u003c/p\u003e"
}
],
"value": "Optigo Networks Visual BACnet Capture Tool and Optigo Visual Networks Capture Tool version 3.1.2rc11 contain an exposed web management service that could allow an attacker to bypass authentication measures and gain controls over utilities within the products."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-13T16:57:30.147Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-070-02"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eOptigo Networks recommends users to upgrade to the following:\u003c/p\u003e\u003cul\u003e\u003cli\u003eVisual BACnet Capture Tool: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://optigo.zendesk.com/hc/en-us/sections/360011386412-Capture-Tool-Software-Visual-BACnet\"\u003eVersion v3.1.3rc8\u003c/a\u003e\u003c/li\u003e\u003cli\u003eOptigo Visual Networks Capture Tool: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://optigo.zendesk.com/hc/en-us/sections/20125604316813-Capture-Tool-Software-Optigo-Visual-Networks\"\u003eVersion v3.1.3rc8\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\n\n\u003cbr\u003e"
}
],
"value": "Optigo Networks recommends users to upgrade to the following:\n\n * Visual BACnet Capture Tool: Version v3.1.3rc8 https://optigo.zendesk.com/hc/en-us/sections/360011386412-Capture-Tool-Software-Visual-BACnet \n * Optigo Visual Networks Capture Tool: Version v3.1.3rc8 https://optigo.zendesk.com/hc/en-us/sections/20125604316813-Capture-Tool-Software-Optigo-Visual-Networks"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-2080",
"datePublished": "2025-03-13T16:57:30.147Z",
"dateReserved": "2025-03-06T22:01:47.991Z",
"dateUpdated": "2025-03-13T18:46:42.625Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1909 (GCVE-0-2025-1909)
Vulnerability from cvelistv5 – Published: 2025-05-05 19:42 – Updated: 2026-04-08 17:02- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
| Vendor | Product | Version | |
|---|---|---|---|
| BuddyBoss | BuddyBoss Platform Pro |
Affected:
0 , ≤ 2.7.01
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1909",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-05T20:01:10.968335Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-05T20:01:47.215Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "BuddyBoss Platform Pro",
"vendor": "BuddyBoss",
"versions": [
{
"lessThanOrEqual": "2.7.01",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Istv\u00e1n M\u00e1rton"
}
],
"descriptions": [
{
"lang": "en",
"value": "The BuddyBoss Platform Pro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.7.01. This is due to insufficient verification on the user being supplied during the Apple OAuth authenticate request through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:02:46.314Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7cce9b8b-0589-4b09-b184-a66fc86fcb46?source=cve"
},
{
"url": "https://www.buddyboss.com/resources/buddyboss-platform-pro-releases/"
},
{
"url": "https://www.buddyboss.com/resources/buddyboss-platform-pro-releases/2-7-10/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-03-03T00:00:00.000Z",
"value": "Discovered"
},
{
"lang": "en",
"time": "2025-03-03T00:00:00.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-05-05T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "BuddyBoss Platform Pro \u003c= 2.7.01 - Authentication Bypass via Apple OAuth provider"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-1909",
"datePublished": "2025-05-05T19:42:25.763Z",
"dateReserved": "2025-03-03T20:30:59.037Z",
"dateUpdated": "2026-04-08T17:02:46.314Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-1739 (GCVE-0-2025-1739)
Vulnerability from cvelistv5 – Published: 2025-02-27 12:45 – Updated: 2025-02-27 14:24| Vendor | Product | Version | |
|---|---|---|---|
| Trivision | Camera NC227WF |
Unaffected:
5.8.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1739",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-27T14:24:04.352327Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T14:24:12.502Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Camera NC227WF",
"vendor": "Trivision",
"versions": [
{
"status": "unaffected",
"version": "5.8.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Andrea Brosio"
},
{
"lang": "en",
"type": "finder",
"value": "Andris Raugulis"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An Authentication Bypass vulnerability has been found in Trivision Camera NC227WF v5.8.0 from TrivisionSecurity. This vulnerability allows an attacker to retrieve administrator\u0027s credentials in cleartext by sending a request against the server using curl with random credentials to \"/en/player/activex_pal.asp\" and successfully authenticating the application."
}
],
"value": "An Authentication Bypass vulnerability has been found in Trivision Camera NC227WF v5.8.0 from TrivisionSecurity. This vulnerability allows an attacker to retrieve administrator\u0027s credentials in cleartext by sending a request against the server using curl with random credentials to \"/en/player/activex_pal.asp\" and successfully authenticating the application."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T12:47:10.616Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-trivision-camera-nc227wf"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There is no reported solution at this time. \u003cbr\u003e"
}
],
"value": "There is no reported solution at this time."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Multiple vulnerabilities in Trivision Camera NC227WF",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2025-1739",
"datePublished": "2025-02-27T12:45:26.314Z",
"dateReserved": "2025-02-27T08:34:32.796Z",
"dateUpdated": "2025-02-27T14:24:12.502Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1717 (GCVE-0-2025-1717)
Vulnerability from cvelistv5 – Published: 2025-02-27 07:23 – Updated: 2026-04-08 17:34- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
| Vendor | Product | Version | |
|---|---|---|---|
| pluginly | Login Me Now – Passwordless, Magic Link, OTP & Social Login for WordPress |
Affected:
0 , ≤ 1.7.2
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1717",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-27T14:38:18.277150Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T14:38:26.954Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Login Me Now \u2013 Passwordless, Magic Link, OTP \u0026 Social Login for WordPress",
"vendor": "pluginly",
"versions": [
{
"lessThanOrEqual": "1.7.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Istv\u00e1n M\u00e1rton"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Login Me Now plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.7.2. This is due to insecure authentication based on an arbitrary transient name in the \u0027AutoLogin::listen()\u0027 function. This makes it possible for unauthenticated attackers to log in an existing user on the site, even an administrator. Note: this vulnerability requires using a transient name and value from another software, so the plugin is not inherently vulnerable on it\u0027s own."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:34:46.312Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fc689622-50d6-47c4-a5f6-0314b1a207c9?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/login-me-now/tags/1.7.2/app/Logins/BrowserTokenLogin/AutoLogin.php#L24"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3247924/login-me-now"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-02-26T00:00:00.000Z",
"value": "Discovered"
},
{
"lang": "en",
"time": "2025-02-26T00:00:00.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-02-26T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "Login Me Now \u003c= 1.7.2 - Authentication Bypass"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-1717",
"datePublished": "2025-02-27T07:23:13.273Z",
"dateReserved": "2025-02-26T15:43:02.736Z",
"dateUpdated": "2026-04-08T17:34:46.312Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-1671 (GCVE-0-2025-1671)
Vulnerability from cvelistv5 – Published: 2025-03-01 07:24 – Updated: 2026-04-08 17:06- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
| Vendor | Product | Version | |
|---|---|---|---|
| Elated-Themes | Academist Membership |
Affected:
0 , ≤ 1.1.6
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1671",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-03T20:55:27.958074Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-03T20:56:52.336Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Academist Membership",
"vendor": "Elated-Themes",
"versions": [
{
"lessThanOrEqual": "1.1.6",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Tonn"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Academist Membership plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.1.6. This is due to the academist_membership_check_facebook_user() function not properly verifying a user\u0027s identity prior to authenticating them. This makes it possible for unauthenticated attackers to log in as any user, including site administrators."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:06:54.805Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/911a9550-1f62-4f28-9d8c-00d9769949c9?source=cve"
},
{
"url": "https://themeforest.net/item/academist-a-modern-learning-management-system-and-education-theme/22376830"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-02-28T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "Academist Membership \u003c= 1.1.6 - Authentication Bypass via Account Takeover"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-1671",
"datePublished": "2025-03-01T07:24:04.682Z",
"dateReserved": "2025-02-24T21:51:36.610Z",
"dateUpdated": "2026-04-08T17:06:54.805Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-1638 (GCVE-0-2025-1638)
Vulnerability from cvelistv5 – Published: 2025-03-01 07:24 – Updated: 2026-04-08 16:56- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
| Vendor | Product | Version | |
|---|---|---|---|
| Edge-Themes | Alloggio Membership |
Affected:
0 , ≤ 1.1
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1638",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-03T20:55:30.719861Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-03T20:56:57.878Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Alloggio Membership",
"vendor": "Edge-Themes",
"versions": [
{
"lessThanOrEqual": "1.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Tonn"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Alloggio Membership plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.2. This is due to the plugin not properly validating a user\u0027s identity through the alloggio_membership_init_rest_api_facebook_login and alloggio_membership_init_rest_api_google_login functions. This makes it possible for unauthenticated attackers to log in as any user, including administrators, without knowing a password."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:56:33.805Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/60405e54-e869-4623-892c-0821014f887b?source=cve"
},
{
"url": "https://themeforest.net/item/alloggio-hotel-booking-theme/26775539"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-02-28T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "Alloggio Membership \u003c= 1.1 - Authentication Bypass via Social Login Account Takeover"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-1638",
"datePublished": "2025-03-01T07:24:04.067Z",
"dateReserved": "2025-02-24T16:46:22.040Z",
"dateUpdated": "2026-04-08T16:56:33.805Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation
Funnel all access through a single choke point to simplify how users can access a resource. For every access, perform a check to determine if the user has permissions to access the resource.
CAPEC-127: Directory Indexing
An adversary crafts a request to a target that results in the target listing/indexing the content of a directory as output. One common method of triggering directory contents as output is to construct a request containing a path that terminates in a directory name rather than a file name since many applications are configured to provide a list of the directory's contents when such a request is received. An adversary can use this to explore the directory tree on a target as well as learn the names of files. This can often end up revealing test files, backup files, temporary files, hidden files, configuration files, user accounts, script contents, as well as naming conventions, all of which can be used by an attacker to mount additional attacks.
CAPEC-665: Exploitation of Thunderbolt Protection Flaws
An adversary leverages a firmware weakness within the Thunderbolt protocol, on a computing device to manipulate Thunderbolt controller firmware in order to exploit vulnerabilities in the implementation of authorization and verification schemes within Thunderbolt protection mechanisms. Upon gaining physical access to a target device, the adversary conducts high-level firmware manipulation of the victim Thunderbolt controller SPI (Serial Peripheral Interface) flash, through the use of a SPI Programing device and an external Thunderbolt device, typically as the target device is booting up. If successful, this allows the adversary to modify memory, subvert authentication mechanisms, spoof identities and content, and extract data and memory from the target device. Currently 7 major vulnerabilities exist within Thunderbolt protocol with 9 attack vectors as noted in the Execution Flow.