Common Weakness Enumeration

CWE-266

Allowed

Incorrect Privilege Assignment

Abstraction: Base · Status: Draft

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

1913 vulnerabilities reference this CWE, most recent first.

GHSA-JCPX-68WR-V54V

Vulnerability from github – Published: 2025-12-28 06:31 – Updated: 2025-12-28 06:31
VLAI
Details

A flaw has been found in JeecgBoot up to 3.9.0. Impacted is the function getDeptRoleList of the file /sys/sysDepartRole/getDeptRoleList. This manipulation of the argument departId causes improper authorization. The attack is possible to be carried out remotely. A high degree of complexity is needed for the attack. The exploitability is considered difficult. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-15120"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266",
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-28T05:15:56Z",
    "severity": "LOW"
  },
  "details": "A flaw has been found in JeecgBoot up to 3.9.0. Impacted is the function getDeptRoleList of the file /sys/sysDepartRole/getDeptRoleList. This manipulation of the argument departId causes improper authorization. The attack is possible to be carried out remotely. A high degree of complexity is needed for the attack. The exploitability is considered difficult. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
  "id": "GHSA-jcpx-68wr-v54v",
  "modified": "2025-12-28T06:31:32Z",
  "published": "2025-12-28T06:31:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15120"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Hwwg/cve/issues/33"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.338498"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.338498"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.711772"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-JFF6-CPXV-52X3

Vulnerability from github – Published: 2025-10-09 21:31 – Updated: 2025-10-11 21:30
VLAI
Details

A security vulnerability has been detected in Portabilis i-Educar up to 2.9.10. Affected by this issue is some unknown functionality of the file app/Http/Controllers/AccessLevelController.php of the component User Type Handler. The manipulation leads to insecure inherited permissions. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-11554"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-09T20:15:37Z",
    "severity": "MODERATE"
  },
  "details": "A security vulnerability has been detected in Portabilis i-Educar up to 2.9.10. Affected by this issue is some unknown functionality of the file app/Http/Controllers/AccessLevelController.php of the component User Type Handler. The manipulation leads to insecure inherited permissions. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used.",
  "id": "GHSA-jff6-cpxv-52x3",
  "modified": "2025-10-11T21:30:11Z",
  "published": "2025-10-09T21:31:11Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11554"
    },
    {
      "type": "WEB",
      "url": "https://docs.google.com/document/d/1yGubpU9I6JnkKsrdNRP6bUCeQv3ZDcknXAHOzFZBkGQ"
    },
    {
      "type": "WEB",
      "url": "https://github.com/m3m0o/portabilis-ieducar-user-type-privilege-escalation"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.327714"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.327714"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.671072"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-JFGW-C7C9-FXG2

Vulnerability from github – Published: 2025-09-14 06:30 – Updated: 2025-09-14 06:30
VLAI
Details

A security flaw has been discovered in CRMEB up to 5.6.1. Impacted is the function Save of the file app/services/system/admin/SystemAdminServices.php of the component Administrator Password Handler. Performing manipulation of the argument ID results in improper authorization. The attack may be initiated remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-10389"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-14T04:15:39Z",
    "severity": "MODERATE"
  },
  "details": "A security flaw has been discovered in CRMEB up to 5.6.1. Impacted is the function Save of the file app/services/system/admin/SystemAdminServices.php of the component Administrator Password Handler. Performing manipulation of the argument ID results in improper authorization. The attack may be initiated remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.",
  "id": "GHSA-jfgw-c7c9-fxg2",
  "modified": "2025-09-14T06:30:19Z",
  "published": "2025-09-14T06:30:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10389"
    },
    {
      "type": "WEB",
      "url": "https://github.com/August829/Yu/blob/main/58ead8e7e08bfb013.md"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.323824"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.323824"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.644543"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-JFJ5-MV8J-63WV

Vulnerability from github – Published: 2026-03-08 21:30 – Updated: 2026-03-08 21:30
VLAI
Details

A vulnerability has been found in SourceCodester Client Database Management System 1.0/3.1. Impacted is an unknown function of the file /superadmin_delete_manager.php of the component Endpoint. The manipulation of the argument manager_id leads to improper authorization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-3762"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-08T19:16:01Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability has been found in SourceCodester Client Database Management System 1.0/3.1. Impacted is an unknown function of the file /superadmin_delete_manager.php of the component Endpoint. The manipulation of the argument manager_id leads to improper authorization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.",
  "id": "GHSA-jfj5-mv8j-63wv",
  "modified": "2026-03-08T21:30:14Z",
  "published": "2026-03-08T21:30:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3762"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/Adarshh-A/1aae387a3cf4ea05c871ddafc64d0348"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.349740"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.349740"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.768122"
    },
    {
      "type": "WEB",
      "url": "https://www.sourcecodester.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-JFVX-5RR4-H3PM

Vulnerability from github – Published: 2025-06-09 18:32 – Updated: 2026-04-01 18:35
VLAI
Details

Incorrect Privilege Assignment vulnerability in RomanCode MapSVG allows Privilege Escalation. This issue affects MapSVG: from n/a through 8.5.34.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-47561"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-09T16:15:41Z",
    "severity": "HIGH"
  },
  "details": "Incorrect Privilege Assignment vulnerability in RomanCode MapSVG allows Privilege Escalation. This issue affects MapSVG: from n/a through 8.5.34.",
  "id": "GHSA-jfvx-5rr4-h3pm",
  "modified": "2026-04-01T18:35:25Z",
  "published": "2025-06-09T18:32:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47561"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/wordpress/plugin/mapsvg/vulnerability/wordpress-mapsvg-8-5-34-privilege-escalation-vulnerability?_s_id=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JFX8-784F-WMWW

Vulnerability from github – Published: 2024-12-09 00:31 – Updated: 2024-12-09 00:31
VLAI
Details

A vulnerability was found in Guangzhou Huayi Intelligent Technology Jeewms up to 1.0.0 and classified as critical. This issue affects some unknown processing of the file /jeewms_war/webpage/system/druid/index.html of the component Druid Monitoring Interface. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-12347"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-09T00:15:04Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability was found in Guangzhou Huayi Intelligent Technology Jeewms up to 1.0.0 and classified as critical. This issue affects some unknown processing of the file /jeewms_war/webpage/system/druid/index.html of the component Druid Monitoring Interface. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
  "id": "GHSA-jfx8-784f-wmww",
  "modified": "2024-12-09T00:31:40Z",
  "published": "2024-12-09T00:31:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12347"
    },
    {
      "type": "WEB",
      "url": "https://github.com/dycccccccc/JEEWMS/blob/main/JEEWMS%20Druid%20monitoring%20interface%20is%20not%20authorized.docx"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.287267"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.287267"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.453917"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-JG95-R9XH-XW9C

Vulnerability from github – Published: 2024-08-23 21:30 – Updated: 2025-10-13 15:45
VLAI
Summary
Mage AI incorrectly gives privileges to users with deleted accounts
Details

Guest users in the Mage AI framework that remain logged in after their accounts are deleted, are mistakenly given high privileges and specifically given access to remotely execute arbitrary code through the Mage AI terminal server.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "mage-ai"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "0.9.73"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-45187"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266",
      "CWE-613"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-08-23T22:51:28Z",
    "nvd_published_at": "2024-08-23T19:15:07Z",
    "severity": "MODERATE"
  },
  "details": "Guest users in the Mage AI framework that remain logged in after their accounts are deleted, are mistakenly given high privileges and specifically given access to remotely execute arbitrary code through the Mage AI terminal server.",
  "id": "GHSA-jg95-r9xh-xw9c",
  "modified": "2025-10-13T15:45:48Z",
  "published": "2024-08-23T21:30:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45187"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/mage-ai/mage-ai"
    },
    {
      "type": "WEB",
      "url": "https://research.jfrog.com/vulnerabilities/mage-ai-deleted-users-rce-jfsa-2024-001039602"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Mage AI incorrectly gives privileges to users with deleted accounts"
}

GHSA-JGCF-RF45-2F8V

Vulnerability from github – Published: 2026-04-16 20:40 – Updated: 2026-04-27 14:20
VLAI
Summary
Silverstripe Assets Module has a DBFile::getURL() permission bypass
Details

Impact

Images rendered in templates or otherwise accessed via DBFile::getURL() or DBFile::getSourceURL() incorrectly add an access grant to the current session, which bypasses file permissions.

This usually happens when creating an image variant, for example using a manipulation method like ScaleWidth() or Convert().

Note that if you use DBFile directly in the $db configuration for a DataObject class that doesn't subclass File, and if you were setting the visibility of those files to "protected", those files will now need an explicit access grant to be accessed. If you do not want to explicitly provide access grants for these files (i.e. you want these files to be accessible by default), you should use the "public" visibility.

Reported by

Restruct web & apps

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "silverstripe/assets"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.4.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "silverstripe/assets"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.0.0"
            },
            {
              "fixed": "3.1.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-24749"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266",
      "CWE-863"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-16T20:40:37Z",
    "nvd_published_at": "2026-04-16T18:16:44Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\n\nImages rendered in templates or otherwise accessed via `DBFile::getURL()` or `DBFile::getSourceURL()` incorrectly add an access grant to the current session, which bypasses file permissions.\n\nThis usually happens when creating an image variant, for example using a manipulation method like `ScaleWidth()` or `Convert()`.\n\nNote that if you use `DBFile` directly in the `$db` configuration for a `DataObject` class that doesn\u0027t subclass `File`, and if you were setting the visibility of those files to \"protected\", those files will now need an explicit access grant to be accessed. If you do not want to explicitly provide access grants for these files (i.e. you want these files to be accessible by default), you should use the \"public\" visibility.\n\n### Reported by\n\nRestruct web \u0026 apps",
  "id": "GHSA-jgcf-rf45-2f8v",
  "modified": "2026-04-27T14:20:04Z",
  "published": "2026-04-16T20:40:37Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/silverstripe/silverstripe-assets/security/advisories/GHSA-jgcf-rf45-2f8v"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24749"
    },
    {
      "type": "WEB",
      "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/assets/CVE-2026-24749.yaml"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/silverstripe/silverstripe-assets"
    },
    {
      "type": "WEB",
      "url": "https://www.silverstripe.org/download/security-releases/cve-2026-24749"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Silverstripe Assets Module has a DBFile::getURL() permission bypass"
}

GHSA-JHH6-6FHP-Q2XP

Vulnerability from github – Published: 2024-12-18 00:31 – Updated: 2024-12-18 15:43
VLAI
Summary
Open Cluster Management vulnerable to Trust Boundary Violation
Details

A flaw was found in Open Cluster Management (OCM) when a user has access to the worker nodes which contain the cluster-manager or klusterlet deployments. The cluster-manager deployment uses a service account with the same name "cluster-manager" which is bound to a ClusterRole also named "cluster-manager", which includes the permission to create Pod resources. If this deployment runs a pod on an attacker-controlled node, the attacker can obtain the cluster-manager's token and steal any service account token by creating and mounting the target service account to control the whole cluster.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "open-cluster-management.io/ocm"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.13.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-9779"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266",
      "CWE-501"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-12-18T15:43:48Z",
    "nvd_published_at": "2024-12-17T23:15:05Z",
    "severity": "HIGH"
  },
  "details": "A flaw was found in Open Cluster Management (OCM) when a user has access to the worker nodes which contain the cluster-manager or klusterlet deployments. The cluster-manager deployment uses a service account with the same name \"cluster-manager\" which is bound to a ClusterRole also named \"cluster-manager\", which includes the permission to create Pod resources. If this deployment runs a pod on an attacker-controlled node, the attacker can obtain the cluster-manager\u0027s token and steal any service account token by creating and mounting the target service account to control the whole cluster.",
  "id": "GHSA-jhh6-6fhp-q2xp",
  "modified": "2024-12-18T15:43:48Z",
  "published": "2024-12-18T00:31:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9779"
    },
    {
      "type": "WEB",
      "url": "https://github.com/open-cluster-management-io/registration-operator/issues/361"
    },
    {
      "type": "WEB",
      "url": "https://github.com/open-cluster-management-io/ocm/pull/325"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2024-9779"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2317916"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/open-cluster-management-io/OCM"
    },
    {
      "type": "WEB",
      "url": "https://github.com/open-cluster-management-io/ocm/releases/tag/v0.13.0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Open Cluster Management vulnerable to Trust Boundary Violation"
}

GHSA-JJCP-RRM8-4VX5

Vulnerability from github – Published: 2025-03-31 12:30 – Updated: 2025-03-31 15:30
VLAI
Details

A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been rated as critical. This issue affects some unknown processing of the file /goform/AdvSetWrlGstset of the component Web Management Interface. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-2990"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-31T10:15:16Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been rated as critical. This issue affects some unknown processing of the file /goform/AdvSetWrlGstset of the component Web Management Interface. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.",
  "id": "GHSA-jjcp-rrm8-4vx5",
  "modified": "2025-03-31T15:30:44Z",
  "published": "2025-03-31T12:30:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2990"
    },
    {
      "type": "WEB",
      "url": "https://lavender-bicycle-a5a.notion.site/Tenda-FH1202-AdvSetWrlGstset-1bc53a41781f8057a621c3def0a56069"
    },
    {
      "type": "WEB",
      "url": "https://lavender-bicycle-a5a.notion.site/Tenda-FH1202-AdvSetWrlGstset-1bc53a41781f8057a621c3def0a56069?pvs=4"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.302039"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.302039"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.523404"
    },
    {
      "type": "WEB",
      "url": "https://www.tenda.com.cn"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

Mitigation MIT-1
Architecture and Design Operation

Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.

Mitigation MIT-17
Architecture and Design Operation

Strategy: Environment Hardening

Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.

No CAPEC attack patterns related to this CWE.