Common Weakness Enumeration

CWE-266

Allowed

Incorrect Privilege Assignment

Abstraction: Base · Status: Draft

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

1913 vulnerabilities reference this CWE, most recent first.

CVE-2025-14889 (GCVE-0-2025-14889)

Vulnerability from cvelistv5 – Published: 2025-12-18 20:02 – Updated: 2026-02-24 05:54 X_Freeware
VLAI
Title
Campcodes Advanced Voting Management System Password voters_edit.php improper authorization
Summary
A security flaw has been discovered in Campcodes Advanced Voting Management System 1.0. The impacted element is an unknown function of the file /admin/voters_edit.php of the component Password Handler. Performing a manipulation of the argument ID results in improper authorization. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-285 - Improper Authorization
  • CWE-266 - Incorrect Privilege Assignment
Assigner
References
URL Tags
https://vuldb.com/?id.337378 vdb-entrytechnical-description
https://vuldb.com/?ctiid.337378 signaturepermissions-required
https://vuldb.com/?submit.715643 third-party-advisory
https://gist.github.com/nikstudy576-maker/82e1e1e… exploit
https://www.campcodes.com/ product
Impacted products
Vendor Product Version
Campcodes Advanced Voting Management System Affected: 1.0
    cpe:2.3:a:campcodes:advanced_voting_management_system:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
Err404 (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-14889",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-18T20:15:32.560335Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-18T20:15:44.091Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:campcodes:advanced_voting_management_system:*:*:*:*:*:*:*:*"
          ],
          "modules": [
            "Password Handler"
          ],
          "product": "Advanced Voting Management System",
          "vendor": "Campcodes",
          "versions": [
            {
              "status": "affected",
              "version": "1.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Err404 (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A security flaw has been discovered in Campcodes Advanced Voting Management System 1.0. The impacted element is an unknown function of the file /admin/voters_edit.php of the component Password Handler. Performing a manipulation of the argument ID results in improper authorization. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 5.5,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-285",
              "description": "Improper Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-266",
              "description": "Incorrect Privilege Assignment",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-24T05:54:36.637Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-337378 | Campcodes Advanced Voting Management System Password voters_edit.php improper authorization",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.337378"
        },
        {
          "name": "VDB-337378 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.337378"
        },
        {
          "name": "Submit #715643 | campcodes Advanced Voting Management System using PHP/MySQLi 1.0 Authentication Bypass",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.715643"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://gist.github.com/nikstudy576-maker/82e1e1ede9b848880aa09b87b92bc22c"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://www.campcodes.com/"
        }
      ],
      "tags": [
        "x_freeware"
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-12-18T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-12-18T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-12-25T01:47:25.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Campcodes Advanced Voting Management System Password voters_edit.php improper authorization"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-14889",
    "datePublished": "2025-12-18T20:02:07.993Z",
    "dateReserved": "2025-12-18T14:12:13.912Z",
    "dateUpdated": "2026-02-24T05:54:36.637Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-14778 (GCVE-0-2025-14778)

Vulnerability from cvelistv5 – Published: 2026-02-09 18:58 – Updated: 2026-02-10 01:04
VLAI
Title
Keycloak: incorrect ownership checks in /uma-policy/
Summary
A flaw was found in Keycloak. A significant Broken Access Control vulnerability exists in the UserManagedPermissionService (UMA Protection API). When updating or deleting a UMA policy associated with multiple resources, the authorization check only verifies the caller's ownership against the first resource in the policy's list. This allows a user (Owner A) who owns one resource (RA) to update a shared policy and modify authorization rules for other resources (e.g., RB) in that same policy, even if those other resources are owned by a different user (Owner B). This constitutes a horizontal privilege escalation.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-266 - Incorrect Privilege Assignment
Assigner
References
URL Tags
https://access.redhat.com/errata/RHSA-2026:2363 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:2364 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:2365 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:2366 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-14778 vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2422600 issue-trackingx_refsource_REDHAT
Impacted products
Vendor Product Version
Red Hat Red Hat build of Keycloak 26.2 Unaffected: 26.2.13-1 , < * (rpm)
    cpe:/a:redhat:build_keycloak:26.2::el9
Create a notification for this product.
Red Hat Red Hat build of Keycloak 26.2 Unaffected: 26.2-15 , < * (rpm)
    cpe:/a:redhat:build_keycloak:26.2::el9
Create a notification for this product.
Red Hat Red Hat build of Keycloak 26.2.13     cpe:/a:redhat:build_keycloak:26.2::el9
Create a notification for this product.
Red Hat Red Hat build of Keycloak 26.4 Unaffected: 26.4.9-1 , < * (rpm)
    cpe:/a:redhat:build_keycloak:26.4::el9
Create a notification for this product.
Red Hat Red Hat build of Keycloak 26.4 Unaffected: 26.4-11 , < * (rpm)
    cpe:/a:redhat:build_keycloak:26.4::el9
Create a notification for this product.
Red Hat Red Hat build of Keycloak 26.4 Unaffected: 26.4-10 , < * (rpm)
    cpe:/a:redhat:build_keycloak:26.4::el9
Create a notification for this product.
Red Hat Red Hat build of Keycloak 26.4.9     cpe:/a:redhat:build_keycloak:26.4::el9
Create a notification for this product.
Date Public
2026-02-09 18:24
Credits
Red Hat would like to thank Joshua Rogers for reporting this issue.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-14778",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-09T19:51:45.628050Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-09T19:51:55.663Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:26.2::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-operator-bundle",
          "product": "Red Hat build of Keycloak 26.2",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "26.2.13-1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:26.2::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9",
          "product": "Red Hat build of Keycloak 26.2",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "26.2-15",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:26.2::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9-operator",
          "product": "Red Hat build of Keycloak 26.2",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "26.2-15",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:26.2::el9"
          ],
          "defaultStatus": "unaffected",
          "packageName": "rhbk/keycloak-rhel9-operator",
          "product": "Red Hat build of Keycloak 26.2.13",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:26.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-operator-bundle",
          "product": "Red Hat build of Keycloak 26.4",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "26.4.9-1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:26.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9",
          "product": "Red Hat build of Keycloak 26.4",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "26.4-11",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:26.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9-operator",
          "product": "Red Hat build of Keycloak 26.4",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "26.4-10",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:26.4::el9"
          ],
          "defaultStatus": "unaffected",
          "packageName": "rhbk/keycloak-rhel9-operator",
          "product": "Red Hat build of Keycloak 26.4.9",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Joshua Rogers for reporting this issue."
        }
      ],
      "datePublic": "2026-02-09T18:24:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in Keycloak. A significant Broken Access Control vulnerability exists in the UserManagedPermissionService (UMA Protection API). When updating or deleting a UMA policy associated with multiple resources, the authorization check only verifies the caller\u0027s ownership against the first resource in the policy\u0027s list. This allows a user (Owner A) who owns one resource (RA) to update a shared policy and modify authorization rules for other resources (e.g., RB) in that same policy, even if those other resources are owned by a different user (Owner B). This constitutes a horizontal privilege escalation."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-266",
              "description": "Incorrect Privilege Assignment",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-10T01:04:37.407Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2026:2363",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:2363"
        },
        {
          "name": "RHSA-2026:2364",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:2364"
        },
        {
          "name": "RHSA-2026:2365",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:2365"
        },
        {
          "name": "RHSA-2026:2366",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:2366"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2025-14778"
        },
        {
          "name": "RHBZ#2422600",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2422600"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-12-16T05:01:06.107Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2026-02-09T18:24:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Keycloak: incorrect ownership checks in /uma-policy/",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-266: Incorrect Privilege Assignment"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2025-14778",
    "datePublished": "2026-02-09T18:58:29.065Z",
    "dateReserved": "2025-12-16T05:02:19.510Z",
    "dateUpdated": "2026-02-10T01:04:37.407Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-14749 (GCVE-0-2025-14749)

Vulnerability from cvelistv5 – Published: 2025-12-16 03:02 – Updated: 2025-12-16 20:48
VLAI
Title
Ningyuanda TC155 ONVIF PTZ Control device_service access control
Summary
A vulnerability was identified in Ningyuanda TC155 57.0.2.0. This impacts an unknown function of the file /onvif/device_service of the component ONVIF PTZ Control Interface. The manipulation leads to improper access controls. The attack requires being on the local network. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-284 - Improper Access Controls
  • CWE-266 - Incorrect Privilege Assignment
Assigner
References
Impacted products
Vendor Product Version
Ningyuanda TC155 Affected: 57.0.2.0
Create a notification for this product.
Credits
keroomi (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-14749",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-16T20:46:17.290265Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-16T20:48:27.694Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "ONVIF PTZ Control Interface"
          ],
          "product": "TC155",
          "vendor": "Ningyuanda",
          "versions": [
            {
              "status": "affected",
              "version": "57.0.2.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "keroomi (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was identified in Ningyuanda TC155 57.0.2.0. This impacts an unknown function of the file /onvif/device_service of the component ONVIF PTZ Control Interface. The manipulation leads to improper access controls. The attack requires being on the local network. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 5.8,
            "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "Improper Access Controls",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-266",
              "description": "Incorrect Privilege Assignment",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-16T03:02:10.508Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-336522 | Ningyuanda TC155 ONVIF PTZ Control device_service access control",
          "tags": [
            "vdb-entry"
          ],
          "url": "https://vuldb.com/?id.336522"
        },
        {
          "name": "VDB-336522 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.336522"
        },
        {
          "name": "Submit #707198 | Shenzhen Ningyuanda Technology Co., Ltd. TC155 IP Camera Firmware version: 57.0.2.0 Unauthenticated ONVIF PTZ Full Remote Camera Control",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.707198"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/pwnpwnpur1n/IoT-advisories/blob/main/TC155-Unauth-PTZ-Remote-Control.md"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-12-15T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-12-15T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-12-15T21:44:29.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Ningyuanda TC155 ONVIF PTZ Control device_service access control"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-14749",
    "datePublished": "2025-12-16T03:02:10.508Z",
    "dateReserved": "2025-12-15T20:39:20.608Z",
    "dateUpdated": "2025-12-16T20:48:27.694Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-14748 (GCVE-0-2025-14748)

Vulnerability from cvelistv5 – Published: 2025-12-16 03:02 – Updated: 2025-12-16 21:01
VLAI
Title
Ningyuanda TC155 ONVIF Device Management Service device_service access control
Summary
A vulnerability was determined in Ningyuanda TC155 57.0.2.0. This affects an unknown function of the file /onvif/device_service of the component ONVIF Device Management Service. Executing manipulation of the argument FactoryDefault with the input Hard can lead to improper access controls. The attack requires access to the local network. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-284 - Improper Access Controls
  • CWE-266 - Incorrect Privilege Assignment
Assigner
References
URL Tags
https://vuldb.com/?id.336521 vdb-entrytechnical-description
https://vuldb.com/?ctiid.336521 signaturepermissions-required
https://vuldb.com/?submit.707197 third-party-advisory
https://github.com/pwnpwnpur1n/IoT-advisories/blo… exploit
Impacted products
Vendor Product Version
Ningyuanda TC155 Affected: 57.0.2.0
Create a notification for this product.
Credits
keroomi (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-14748",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-16T20:48:51.659721Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-16T21:01:07.215Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "ONVIF Device Management Service"
          ],
          "product": "TC155",
          "vendor": "Ningyuanda",
          "versions": [
            {
              "status": "affected",
              "version": "57.0.2.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "keroomi (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was determined in Ningyuanda TC155 57.0.2.0. This affects an unknown function of the file /onvif/device_service of the component ONVIF Device Management Service. Executing manipulation of the argument FactoryDefault with the input Hard can lead to improper access controls. The attack requires access to the local network. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 4.8,
            "vectorString": "AV:A/AC:L/Au:N/C:N/I:P/A:P/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "Improper Access Controls",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-266",
              "description": "Incorrect Privilege Assignment",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-16T03:02:08.269Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-336521 | Ningyuanda TC155 ONVIF Device Management Service device_service access control",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.336521"
        },
        {
          "name": "VDB-336521 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.336521"
        },
        {
          "name": "Submit #707197 | Shenzhen Ningyuanda Technology Co., Ltd. TC155 IP Camera Firmware version: 57.0.2.0 Unauthenticated Hard Reset via ONVIF SetSystemFactoryDefault",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.707197"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/pwnpwnpur1n/IoT-advisories/blob/main/TC155-Unauth-Hard-Reset.md"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-12-15T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-12-15T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-12-15T21:44:28.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Ningyuanda TC155 ONVIF Device Management Service device_service access control"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-14748",
    "datePublished": "2025-12-16T03:02:08.269Z",
    "dateReserved": "2025-12-15T20:39:17.819Z",
    "dateUpdated": "2025-12-16T21:01:07.215Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-14660 (GCVE-0-2025-14660)

Vulnerability from cvelistv5 – Published: 2025-12-14 12:32 – Updated: 2025-12-15 20:55 X_Open Source
VLAI
Title
DecoCMS Mesh Workspace Domain api.ts createTool access control
Summary
A flaw has been found in DecoCMS Mesh up to 1.0.0-alpha.31. Affected by this vulnerability is the function createTool of the file packages/sdk/src/mcp/teams/api.ts of the component Workspace Domain Handler. This manipulation of the argument domain causes improper access controls. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been published and may be used. Upgrading to version 1.0.0-alpha.32 addresses this issue. Patch name: 5f7315e05852faf3a9c177c0a34f9ea9b0371d3d. It is recommended to upgrade the affected component.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-284 - Improper Access Controls
  • CWE-266 - Incorrect Privilege Assignment
Assigner
Impacted products
Vendor Product Version
DecoCMS Mesh Affected: 1.0.0-alpha.0
Affected: 1.0.0-alpha.1
Affected: 1.0.0-alpha.2
Affected: 1.0.0-alpha.3
Affected: 1.0.0-alpha.4
Affected: 1.0.0-alpha.5
Affected: 1.0.0-alpha.6
Affected: 1.0.0-alpha.7
Affected: 1.0.0-alpha.8
Affected: 1.0.0-alpha.9
Affected: 1.0.0-alpha.10
Affected: 1.0.0-alpha.11
Affected: 1.0.0-alpha.12
Affected: 1.0.0-alpha.13
Affected: 1.0.0-alpha.14
Affected: 1.0.0-alpha.15
Affected: 1.0.0-alpha.16
Affected: 1.0.0-alpha.17
Affected: 1.0.0-alpha.18
Affected: 1.0.0-alpha.19
Affected: 1.0.0-alpha.20
Affected: 1.0.0-alpha.21
Affected: 1.0.0-alpha.22
Affected: 1.0.0-alpha.23
Affected: 1.0.0-alpha.24
Affected: 1.0.0-alpha.25
Affected: 1.0.0-alpha.26
Affected: 1.0.0-alpha.27
Affected: 1.0.0-alpha.28
Affected: 1.0.0-alpha.29
Affected: 1.0.0-alpha.30
Affected: 1.0.0-alpha.31
Unaffected: 1.0.0-alpha.32
Create a notification for this product.
Credits
cucumbersalad (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-14660",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-15T20:54:55.484541Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-15T20:55:13.242Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "Workspace Domain Handler"
          ],
          "product": "Mesh",
          "vendor": "DecoCMS",
          "versions": [
            {
              "status": "affected",
              "version": "1.0.0-alpha.0"
            },
            {
              "status": "affected",
              "version": "1.0.0-alpha.1"
            },
            {
              "status": "affected",
              "version": "1.0.0-alpha.2"
            },
            {
              "status": "affected",
              "version": "1.0.0-alpha.3"
            },
            {
              "status": "affected",
              "version": "1.0.0-alpha.4"
            },
            {
              "status": "affected",
              "version": "1.0.0-alpha.5"
            },
            {
              "status": "affected",
              "version": "1.0.0-alpha.6"
            },
            {
              "status": "affected",
              "version": "1.0.0-alpha.7"
            },
            {
              "status": "affected",
              "version": "1.0.0-alpha.8"
            },
            {
              "status": "affected",
              "version": "1.0.0-alpha.9"
            },
            {
              "status": "affected",
              "version": "1.0.0-alpha.10"
            },
            {
              "status": "affected",
              "version": "1.0.0-alpha.11"
            },
            {
              "status": "affected",
              "version": "1.0.0-alpha.12"
            },
            {
              "status": "affected",
              "version": "1.0.0-alpha.13"
            },
            {
              "status": "affected",
              "version": "1.0.0-alpha.14"
            },
            {
              "status": "affected",
              "version": "1.0.0-alpha.15"
            },
            {
              "status": "affected",
              "version": "1.0.0-alpha.16"
            },
            {
              "status": "affected",
              "version": "1.0.0-alpha.17"
            },
            {
              "status": "affected",
              "version": "1.0.0-alpha.18"
            },
            {
              "status": "affected",
              "version": "1.0.0-alpha.19"
            },
            {
              "status": "affected",
              "version": "1.0.0-alpha.20"
            },
            {
              "status": "affected",
              "version": "1.0.0-alpha.21"
            },
            {
              "status": "affected",
              "version": "1.0.0-alpha.22"
            },
            {
              "status": "affected",
              "version": "1.0.0-alpha.23"
            },
            {
              "status": "affected",
              "version": "1.0.0-alpha.24"
            },
            {
              "status": "affected",
              "version": "1.0.0-alpha.25"
            },
            {
              "status": "affected",
              "version": "1.0.0-alpha.26"
            },
            {
              "status": "affected",
              "version": "1.0.0-alpha.27"
            },
            {
              "status": "affected",
              "version": "1.0.0-alpha.28"
            },
            {
              "status": "affected",
              "version": "1.0.0-alpha.29"
            },
            {
              "status": "affected",
              "version": "1.0.0-alpha.30"
            },
            {
              "status": "affected",
              "version": "1.0.0-alpha.31"
            },
            {
              "status": "unaffected",
              "version": "1.0.0-alpha.32"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "cucumbersalad (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw has been found in DecoCMS Mesh up to 1.0.0-alpha.31. Affected by this vulnerability is the function createTool of the file packages/sdk/src/mcp/teams/api.ts of the component Workspace Domain Handler. This manipulation of the argument domain causes improper access controls. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been published and may be used. Upgrading to version 1.0.0-alpha.32 addresses this issue. Patch name: 5f7315e05852faf3a9c177c0a34f9ea9b0371d3d. It is recommended to upgrade the affected component."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 5.1,
            "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "Improper Access Controls",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-266",
              "description": "Incorrect Privilege Assignment",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-14T12:32:08.752Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-336392 | DecoCMS Mesh Workspace Domain api.ts createTool access control",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.336392"
        },
        {
          "name": "VDB-336392 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.336392"
        },
        {
          "name": "Submit #713741 | Deco deco-mesh runtime v1.0.0-alpha.31 Improper Access Controls",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.713741"
        },
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://github.com/decocms/mesh/pull/1967"
        },
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://github.com/decocms/mesh/pull/1967#issuecomment-3622379237"
        },
        {
          "tags": [
            "exploit",
            "issue-tracking"
          ],
          "url": "https://github.com/decocms/mesh/pull/1967#issue-3700934099"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/decocms/mesh/commit/5f7315e05852faf3a9c177c0a34f9ea9b0371d3d"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/decocms/mesh/releases/tag/runtime-v1.0.0-alpha.32"
        }
      ],
      "tags": [
        "x_open-source"
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-12-13T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-12-13T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-12-13T14:30:21.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "DecoCMS Mesh Workspace Domain api.ts createTool access control"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-14660",
    "datePublished": "2025-12-14T12:32:08.752Z",
    "dateReserved": "2025-12-13T13:25:14.748Z",
    "dateUpdated": "2025-12-15T20:55:13.242Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-14503 (GCVE-0-2025-14503)

Vulnerability from cvelistv5 – Published: 2025-12-15 19:45 – Updated: 2026-02-26 16:07
VLAI
Title
Overly Permissive Trust Policy in Harmonix on AWS EKS
Summary
An overly-permissive IAM trust policy in the Harmonix on AWS framework may allow IAM principals in the same AWS account to escalate privileges via role assumption. The sample code for the EKS environment provisioning role is configured to trust the account root principal, which may enable any IAM principal in the same AWS account with sts:AssumeRole permissions to assume the role with administrative privileges. We recommend customers upgrade to Harmonix on AWS v0.4.2 or later if you have deployed the framework using versions v0.3.0 through v0.4.1.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-266 - Incorrect Privilege Assignment
Assigner
Impacted products
Vendor Product Version
AWS Harmonix on AWS Affected: 0.3.0 , < 0.4.2 (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-14503",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-16T04:56:04.348854Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T16:07:40.181Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Harmonix on AWS",
          "vendor": "AWS",
          "versions": [
            {
              "lessThan": "0.4.2",
              "status": "affected",
              "version": "0.3.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003e\u003c/p\u003e\u003cp\u003eAn overly-permissive IAM trust policy in the Harmonix on AWS framework may allow IAM principals in the same AWS account to escalate privileges via role assumption. The sample code for the EKS environment provisioning role is configured to trust the account root principal, which may enable any IAM principal in the same AWS account with sts:AssumeRole permissions to assume the role with administrative privileges.\u003c/p\u003e\u003cbr\u003eWe recommend customers upgrade to Harmonix on AWS v0.4.2 or later if you have deployed the framework using versions v0.3.0 through v0.4.1. \u003cp\u003e\u003c/p\u003e\u003cbr\u003e"
            }
          ],
          "value": "An overly-permissive IAM trust policy in the Harmonix on AWS framework may allow IAM principals in the same AWS account to escalate privileges via role assumption. The sample code for the EKS environment provisioning role is configured to trust the account root principal, which may enable any IAM principal in the same AWS account with sts:AssumeRole permissions to assume the role with administrative privileges.\n\n\nWe recommend customers upgrade to Harmonix on AWS v0.4.2 or later if you have deployed the framework using versions v0.3.0 through v0.4.1."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233 Privilege Escalation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "HIGH",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-266",
              "description": "CWE-266 Incorrect Privilege Assignment",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-16T23:13:44.545Z",
        "orgId": "ff89ba41-3aa1-4d27-914a-91399e9639e5",
        "shortName": "AMZN"
      },
      "references": [
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/awslabs/harmonix/pull/189"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://aws.amazon.com/security/security-bulletins/AWS-2025-031/"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://github.com/awslabs/harmonix/security/advisories/GHSA-qm86-gqrq-mqcw"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Overly Permissive Trust Policy in Harmonix on AWS EKS",
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ff89ba41-3aa1-4d27-914a-91399e9639e5",
    "assignerShortName": "AMZN",
    "cveId": "CVE-2025-14503",
    "datePublished": "2025-12-15T19:45:00.729Z",
    "dateReserved": "2025-12-10T21:04:10.009Z",
    "dateUpdated": "2026-02-26T16:07:40.181Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-14282 (GCVE-0-2025-14282)

Vulnerability from cvelistv5 – Published: 2026-02-12 21:37 – Updated: 2026-02-18 20:45
VLAI
Title
Dropbear: privilege escalation via unix domain socket forwardings
Summary
A flaw was found in Dropbear. When running in multi-user mode and authenticating users, the dropbear ssh server does the socket forwardings requested by the remote client as root, only switching to the logged-in user upon spawning a shell or performing some operations like reading the user's files. With the recent ability of also using unix domain sockets as the forwarding destination any user able to log in via ssh can connect to any unix socket with the root's credentials, bypassing both file system restrictions and any SO_PEERCRED / SO_PASSCRED checks performed by the peer.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-266 - Incorrect Privilege Assignment
Assigner
Impacted products
Vendor Product Version
https://github.com/mkj/dropbear/ dropbear Affected: 2024.84 , < 2025.88 (custom)
Create a notification for this product.
Date Public
2025-12-16 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2026-02-12T22:10:33.107Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/12/16/4"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/12/17/1"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-14282",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-13T16:20:24.349443Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-13T16:20:35.533Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/mkj/dropbear/",
          "defaultStatus": "unaffected",
          "packageName": "dropbear",
          "product": "dropbear",
          "vendor": "https://github.com/mkj/dropbear/",
          "versions": [
            {
              "lessThan": "2025.88",
              "status": "affected",
              "version": "2024.84",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2025-12-16T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in Dropbear. When running in multi-user mode and authenticating users, the dropbear ssh server does the socket forwardings requested by the remote client as root,\nonly switching to the logged-in user upon spawning a shell or performing\nsome operations like reading the user\u0027s files.\nWith the recent ability of also using unix domain sockets as the forwarding destination any user able to log in via ssh can connect to any unix socket with the root\u0027s credentials, bypassing both file system restrictions and any SO_PEERCRED / SO_PASSCRED checks performed by the peer."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-266",
              "description": "Incorrect Privilege Assignment",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-18T20:45:49.221Z",
        "orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
        "shortName": "fedora"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2025-14282"
        },
        {
          "name": "RHBZ#2420052",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2420052"
        },
        {
          "url": "https://github.com/mkj/dropbear/pull/391"
        },
        {
          "url": "https://github.com/mkj/dropbear/pull/394"
        },
        {
          "url": "https://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2025q4/002390.html"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-12-08T16:46:48.481Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2025-12-16T00:00:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Dropbear: privilege escalation via unix domain socket forwardings",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-266: Incorrect Privilege Assignment"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
    "assignerShortName": "fedora",
    "cveId": "CVE-2025-14282",
    "datePublished": "2026-02-12T21:37:57.157Z",
    "dateReserved": "2025-12-08T17:48:22.565Z",
    "dateUpdated": "2026-02-18T20:45:49.221Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-14206 (GCVE-0-2025-14206)

Vulnerability from cvelistv5 – Published: 2025-12-08 00:02 – Updated: 2025-12-08 17:11 X_Freeware
VLAI
Title
SourceCodester Online Student Clearance System Fee Table delete-fee.php improper authorization
Summary
A vulnerability was determined in SourceCodester Online Student Clearance System 1.0. The affected element is an unknown function of the file /Admin/delete-fee.php of the component Fee Table Handler. Executing manipulation of the argument ID can lead to improper authorization. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-285 - Improper Authorization
  • CWE-266 - Incorrect Privilege Assignment
Assigner
References
URL Tags
https://vuldb.com/?id.334649 vdb-entrytechnical-description
https://vuldb.com/?ctiid.334649 signaturepermissions-required
https://vuldb.com/?submit.700465 third-party-advisory
https://github.com/rassec2/dbcve/issues/8 exploitissue-tracking
https://www.sourcecodester.com/ product
Impacted products
Credits
yudeshui (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-14206",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-08T17:01:31.744170Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-08T17:11:37.718Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "Fee Table Handler"
          ],
          "product": "Online Student Clearance System",
          "vendor": "SourceCodester",
          "versions": [
            {
              "status": "affected",
              "version": "1.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "yudeshui (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was determined in SourceCodester Online Student Clearance System 1.0. The affected element is an unknown function of the file /Admin/delete-fee.php of the component Fee Table Handler. Executing manipulation of the argument ID can lead to improper authorization. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 6.4,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-285",
              "description": "Improper Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-266",
              "description": "Incorrect Privilege Assignment",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-08T00:02:06.916Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-334649 | SourceCodester Online Student Clearance System Fee Table delete-fee.php improper authorization",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.334649"
        },
        {
          "name": "VDB-334649 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.334649"
        },
        {
          "name": "Submit #700465 | Sourcecodester Online Student Clearance System Project 1.0 /Admin/delete-fee.php Broken Access Control",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.700465"
        },
        {
          "tags": [
            "exploit",
            "issue-tracking"
          ],
          "url": "https://github.com/rassec2/dbcve/issues/8"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://www.sourcecodester.com/"
        }
      ],
      "tags": [
        "x_freeware"
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-12-07T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-12-07T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-12-07T09:07:24.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "SourceCodester Online Student Clearance System Fee Table delete-fee.php improper authorization"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-14206",
    "datePublished": "2025-12-08T00:02:06.916Z",
    "dateReserved": "2025-12-07T08:02:14.254Z",
    "dateUpdated": "2025-12-08T17:11:37.718Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-14089 (GCVE-0-2025-14089)

Vulnerability from cvelistv5 – Published: 2025-12-05 15:32 – Updated: 2025-12-05 16:47
VLAI
Title
Himool ERP AdminActionViewSet update_account improper authorization
Summary
A vulnerability was identified in Himool ERP up to 2.2. Affected by this issue is the function update_account of the file /api/admin/update_account/ of the component AdminActionViewSet. Such manipulation leads to improper authorization. The attack may be performed from remote. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-285 - Improper Authorization
  • CWE-266 - Incorrect Privilege Assignment
Assigner
References
URL Tags
https://vuldb.com/?id.334479 vdb-entrytechnical-description
https://vuldb.com/?ctiid.334479 signaturepermissions-required
https://vuldb.com/?submit.696049 third-party-advisory
https://github.com/caigo8/CVE-md/blob/main/Boxwoo… exploit
Impacted products
Vendor Product Version
Himool ERP Affected: 2.0
Affected: 2.1
Affected: 2.2
Create a notification for this product.
Credits
alunxzhou (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-14089",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-05T16:04:58.182395Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-05T16:47:42.689Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "AdminActionViewSet"
          ],
          "product": "ERP",
          "vendor": "Himool",
          "versions": [
            {
              "status": "affected",
              "version": "2.0"
            },
            {
              "status": "affected",
              "version": "2.1"
            },
            {
              "status": "affected",
              "version": "2.2"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "alunxzhou (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was identified in Himool ERP up to 2.2. Affected by this issue is the function update_account of the file /api/admin/update_account/ of the component AdminActionViewSet. Such manipulation leads to improper authorization. The attack may be performed from remote. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 6.5,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-285",
              "description": "Improper Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-266",
              "description": "Incorrect Privilege Assignment",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-05T15:32:06.293Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-334479 | Himool ERP AdminActionViewSet update_account improper authorization",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.334479"
        },
        {
          "name": "VDB-334479 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.334479"
        },
        {
          "name": "Submit #696049 | https://gitee.com/himool/erp Himool ERP 2.2 Missing Authentication for Critical Function",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.696049"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/caigo8/CVE-md/blob/main/BoxwoodERP/%E6%9C%AA%E6%8E%88%E6%9D%83%E8%AE%BF%E9%97%AE.md"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-12-05T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-12-05T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-12-05T09:50:30.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Himool ERP AdminActionViewSet update_account improper authorization"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-14089",
    "datePublished": "2025-12-05T15:32:06.293Z",
    "dateReserved": "2025-12-05T08:45:20.357Z",
    "dateUpdated": "2025-12-05T16:47:42.689Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-14088 (GCVE-0-2025-14088)

Vulnerability from cvelistv5 – Published: 2025-12-05 14:32 – Updated: 2026-02-24 05:40
VLAI
Title
ketr JEPaaS load improper authorization
Summary
A vulnerability was determined in ketr JEPaaS up to 7.2.8. Affected by this vulnerability is an unknown functionality of the file /je/load. This manipulation of the argument Authorization causes improper authorization. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-285 - Improper Authorization
  • CWE-266 - Incorrect Privilege Assignment
Assigner
References
URL Tags
https://vuldb.com/?id.334478 vdb-entrytechnical-description
https://vuldb.com/?ctiid.334478 signaturepermissions-required
https://vuldb.com/?submit.695316 third-party-advisory
https://github.com/zhangbuneng/The-Jepaas-platfor… exploitissue-tracking
Impacted products
Vendor Product Version
ketr JEPaaS Affected: 7.2.0
Affected: 7.2.1
Affected: 7.2.2
Affected: 7.2.3
Affected: 7.2.4
Affected: 7.2.5
Affected: 7.2.6
Affected: 7.2.7
Affected: 7.2.8
    cpe:2.3:a:ketr:jepaas:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
yaozhangYiqiyin (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-14088",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-05T16:04:59.674385Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-05T16:47:50.244Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ketr:jepaas:*:*:*:*:*:*:*:*"
          ],
          "product": "JEPaaS",
          "vendor": "ketr",
          "versions": [
            {
              "status": "affected",
              "version": "7.2.0"
            },
            {
              "status": "affected",
              "version": "7.2.1"
            },
            {
              "status": "affected",
              "version": "7.2.2"
            },
            {
              "status": "affected",
              "version": "7.2.3"
            },
            {
              "status": "affected",
              "version": "7.2.4"
            },
            {
              "status": "affected",
              "version": "7.2.5"
            },
            {
              "status": "affected",
              "version": "7.2.6"
            },
            {
              "status": "affected",
              "version": "7.2.7"
            },
            {
              "status": "affected",
              "version": "7.2.8"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "yaozhangYiqiyin (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was determined in ketr JEPaaS up to 7.2.8. Affected by this vulnerability is an unknown functionality of the file /je/load. This manipulation of the argument Authorization causes improper authorization. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 6.5,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-285",
              "description": "Improper Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-266",
              "description": "Incorrect Privilege Assignment",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-24T05:40:51.727Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-334478 | ketr JEPaaS load improper authorization",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.334478"
        },
        {
          "name": "VDB-334478 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.334478"
        },
        {
          "name": "Submit #695316 | Beijing Kaite Weiye Science and Technology Co.,Ltd. JEPaaS JEPaaSV7.2.8 vertical privilege escalation vulnerability",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.695316"
        },
        {
          "tags": [
            "exploit",
            "issue-tracking"
          ],
          "url": "https://github.com/zhangbuneng/The-Jepaas-platform-has-a-vertical-privilege-escalation-vulnerability./issues/1"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-12-05T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-12-05T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-12-06T15:38:17.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "ketr JEPaaS load improper authorization"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-14088",
    "datePublished": "2025-12-05T14:32:07.388Z",
    "dateReserved": "2025-12-05T08:43:13.991Z",
    "dateUpdated": "2026-02-24T05:40:51.727Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Mitigation MIT-1
Architecture and Design Operation

Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.

Mitigation MIT-17
Architecture and Design Operation

Strategy: Environment Hardening

Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.

No CAPEC attack patterns related to this CWE.