CWE-266
AllowedIncorrect Privilege Assignment
Abstraction: Base · Status: Draft
A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
1914 vulnerabilities reference this CWE, most recent first.
CVE-2025-12304 (GCVE-0-2025-12304)
Vulnerability from cvelistv5 – Published: 2025-10-27 18:32 – Updated: 2025-10-27 20:34| URL | Tags |
|---|---|
| https://vuldb.com/?id.329976 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.329976 | signaturepermissions-required |
| https://vuldb.com/?submit.676283 | third-party-advisory |
| https://github.com/Hwwg/cve/issues/3 | exploitissue-tracking |
| Vendor | Product | Version | |
|---|---|---|---|
| dulaiduwang003 | TIME-SEA-PLUS |
Affected:
fb299162f18498dd9cf17da906886d80a077d53b
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12304",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-27T20:34:25.594473Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-27T20:34:32.121Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Order Status Handler"
],
"product": "TIME-SEA-PLUS",
"vendor": "dulaiduwang003",
"versions": [
{
"status": "affected",
"version": "fb299162f18498dd9cf17da906886d80a077d53b"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "huangweigang (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in dulaiduwang003 TIME-SEA-PLUS up to fb299162f18498dd9cf17da906886d80a077d53b. This affects the function alipayIsSucceed of the file PayController.java of the component Order Status Handler. The manipulation leads to improper authorization. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in dulaiduwang003 TIME-SEA-PLUS up to fb299162f18498dd9cf17da906886d80a077d53b gefunden. Es betrifft die Funktion alipayIsSucceed der Datei PayController.java der Komponente Order Status Handler. Durch Beeinflussen mit unbekannten Daten kann eine improper authorization-Schwachstelle ausgenutzt werden. Der Angriff kann remote ausgef\u00fchrt werden. Der Exploit wurde der \u00d6ffentlichkeit bekannt gemacht und k\u00f6nnte verwendet werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-27T18:32:05.681Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-329976 | dulaiduwang003 TIME-SEA-PLUS Order Status PayController.java alipayIsSucceed improper authorization",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.329976"
},
{
"name": "VDB-329976 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.329976"
},
{
"name": "Submit #676283 | TIME-SEA-PLUS \u003c=2.4 Improper Control of Resource Identifiers",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.676283"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/Hwwg/cve/issues/3"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-10-26T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-10-26T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-10-26T18:08:41.000Z",
"value": "VulDB entry last update"
}
],
"title": "dulaiduwang003 TIME-SEA-PLUS Order Status PayController.java alipayIsSucceed improper authorization"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-12304",
"datePublished": "2025-10-27T18:32:05.681Z",
"dateReserved": "2025-10-26T17:03:38.532Z",
"dateUpdated": "2025-10-27T20:34:32.121Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-12103 (GCVE-0-2025-12103)
Vulnerability from cvelistv5 – Published: 2025-10-28 13:31 – Updated: 2026-04-23 15:57- CWE-266 - Incorrect Privilege Assignment
| URL | Tags |
|---|---|
| https://access.redhat.com/errata/RHSA-2025:21117 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:10184 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/security/cve/CVE-2025-12103 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2405966 | issue-trackingx_refsource_REDHAT |
| Vendor | Product | Version | |
|---|---|---|---|
| Red Hat | Red Hat OpenShift AI 2.25 |
Unaffected:
sha256:6503aa2b0c29d01b947b6fde383850d03dcb2b9f9d70cf417b9e90d5e99d1740 , < *
(rpm)
cpe:/a:redhat:openshift_ai:2.25::el9 |
|
| Red Hat | Red Hat OpenShift AI 3 |
Unaffected:
sha256:2015d93a8f499c4b3706fb1b1323db2e455154cb20219ceef82b79894239a51b , < *
(rpm)
cpe:/a:redhat:openshift_ai:3.0::el9 |
|
| Red Hat | Red Hat OpenShift AI (RHOAI) |
cpe:/a:redhat:openshift_ai |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12103",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-28T13:43:51.831220Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-19T14:44:07.440Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_ai:2.25::el9"
],
"defaultStatus": "affected",
"packageName": "rhoai/odh-ta-lmes-driver-rhel9",
"product": "Red Hat OpenShift AI 2.25",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "sha256:6503aa2b0c29d01b947b6fde383850d03dcb2b9f9d70cf417b9e90d5e99d1740",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_ai:3.0::el9"
],
"defaultStatus": "affected",
"packageName": "rhoai/odh-trustyai-service-operator-rhel9",
"product": "Red Hat OpenShift AI 3",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "sha256:2015d93a8f499c4b3706fb1b1323db2e455154cb20219ceef82b79894239a51b",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift_ai"
],
"defaultStatus": "affected",
"packageName": "rhoai/odh-trustyai-service-operator-rhel8",
"product": "Red Hat OpenShift AI (RHOAI)",
"vendor": "Red Hat"
}
],
"datePublic": "2025-10-28T09:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Red Hat Openshift AI Service. The TrustyAI component is granting all service accounts and users on a cluster permissions to get, list, watch any pod in any namespace on the cluster.\n\nTrustyAI is creating a role `trustyai-service-operator-lmeval-user-role` and a CRB `trustyai-service-operator-default-lmeval-user-rolebinding` which is being applied to `system:authenticated` making it so that every single user or service account can get a list of pods running in any namespace on the cluster \n\nAdditionally users can access all `persistentvolumeclaims` and `lmevaljobs`"
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-23T15:57:51.810Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2025:21117",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:21117"
},
{
"name": "RHSA-2026:10184",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:10184"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2025-12103"
},
{
"name": "RHBZ#2405966",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2405966"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-10-23T02:53:02.820Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2025-10-28T09:00:00.000Z",
"value": "Made public."
}
],
"title": "Openshift-ai: trusty ai grants all authenticated users to list pods in any namespace",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-266: Incorrect Privilege Assignment"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2025-12103",
"datePublished": "2025-10-28T13:31:59.318Z",
"dateReserved": "2025-10-23T02:55:38.369Z",
"dateUpdated": "2026-04-23T15:57:51.810Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-11853 (GCVE-0-2025-11853)
Vulnerability from cvelistv5 – Published: 2025-10-16 19:02 – Updated: 2026-02-24 07:00| URL | Tags |
|---|---|
| https://vuldb.com/?id.328799 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.328799 | signaturepermissions-required |
| https://vuldb.com/?submit.657060 | third-party-advisory |
| https://docs.google.com/document/d/1PzTPCtavuLx_G… | exploit |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11853",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-16T19:55:18.904126Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T19:56:06.504Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:sismics:teedy:*:*:*:*:*:*:*:*"
],
"modules": [
"API Endpoint"
],
"product": "Teedy",
"vendor": "Sismics",
"versions": [
{
"status": "affected",
"version": "1.0"
},
{
"status": "affected",
"version": "1.1"
},
{
"status": "affected",
"version": "1.2"
},
{
"status": "affected",
"version": "1.3"
},
{
"status": "affected",
"version": "1.4"
},
{
"status": "affected",
"version": "1.5"
},
{
"status": "affected",
"version": "1.6"
},
{
"status": "affected",
"version": "1.7"
},
{
"status": "affected",
"version": "1.8"
},
{
"status": "affected",
"version": "1.9"
},
{
"status": "affected",
"version": "1.10"
},
{
"status": "affected",
"version": "1.11"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "balejin (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was determined in Sismics Teedy up to 1.11. This affects an unknown function of the file /api/file of the component API Endpoint. Executing a manipulation can lead to improper access controls. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "Improper Access Controls",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-24T07:00:48.654Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-328799 | Sismics Teedy API Endpoint file access control",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.328799"
},
{
"name": "VDB-328799 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.328799"
},
{
"name": "Submit #657060 | GitHub Teedy \u003c=1.11 Improper Access Controls",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.657060"
},
{
"tags": [
"exploit"
],
"url": "https://docs.google.com/document/d/1PzTPCtavuLx_GwREvshGMQ8N5zFDmpe-OAR5kZwOZfE/edit?usp=sharing"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-10-16T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-10-16T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-10-24T04:20:23.000Z",
"value": "VulDB entry last update"
}
],
"title": "Sismics Teedy API Endpoint file access control"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-11853",
"datePublished": "2025-10-16T19:02:07.747Z",
"dateReserved": "2025-10-16T11:45:34.173Z",
"dateUpdated": "2026-02-24T07:00:48.654Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-11646 (GCVE-0-2025-11646)
Vulnerability from cvelistv5 – Published: 2025-10-12 21:02 – Updated: 2025-10-18 21:28| URL | Tags |
|---|---|
| https://vuldb.com/?id.328057 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.328057 | signaturepermissions-required |
| https://vuldb.com/?submit.661900 | third-party-advisory |
| https://github.com/dead1nfluence/Furbo-Advisories… | exploit |
| Vendor | Product | Version | |
|---|---|---|---|
| Tomofun | Furbo 360 |
Affected:
n/a
|
|
| Tomofun | Furbo Mini |
Affected:
n/a
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11646",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-14T14:00:20.334174Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-14T14:00:40.928Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/dead1nfluence/Furbo-Advisories/blob/main/Information-Disclosure-P2PUUID.md"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"GATT Service"
],
"product": "Furbo 360",
"vendor": "Tomofun",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"GATT Service"
],
"product": "Furbo Mini",
"vendor": "Tomofun",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Calvin Star (Software Secured)"
},
{
"lang": "en",
"type": "finder",
"value": "Julian B (Software Secured)"
},
{
"lang": "en",
"type": "reporter",
"value": "jTag Labs (VulDB User)"
},
{
"lang": "en",
"type": "analyst",
"value": "jTag Labs (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was detected in Tomofun Furbo 360 and Furbo Mini. This vulnerability affects unknown code of the component GATT Service. The manipulation results in improper access controls. The attack can only be performed from the local network. The exploit is now public and may be used. The firmware versions determined to be affected are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in Tomofun Furbo 360 and Furbo Mini entdeckt. Betroffen ist eine unbekannte Verarbeitung der Komponente GATT Service. Durch das Beeinflussen mit unbekannten Daten kann eine improper access controls-Schwachstelle ausgenutzt werden. Der Angriff muss innerhalb des lokalen Netzwerks erfolgen. Die Schwachstelle wurde \u00f6ffentlich offengelegt und k\u00f6nnte ausgenutzt werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5.8,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "Improper Access Controls",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-18T21:28:04.687Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-328057 | Tomofun Furbo 360/Furbo Mini GATT Service access control",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.328057"
},
{
"name": "VDB-328057 | CTI Indicators (IOB, IOC, TTP)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.328057"
},
{
"name": "Submit #661900 | Tomofun Furbo 360, Furbo Mini Furbo 360 (\u2264 FB0035_FW_036), Furbo Mini (\u2264 MC0020_FW_074) Information Disclosure",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.661900"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/dead1nfluence/Furbo-Advisories/blob/main/Information-Disclosure-P2PUUID.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-05-15T20:00:00.000Z",
"value": "Vulnerability found"
},
{
"lang": "en",
"time": "2025-06-21T23:00:00.000Z",
"value": "Vendor informed"
},
{
"lang": "en",
"time": "2025-07-03T04:30:00.000Z",
"value": "Vendor acknowledged"
},
{
"lang": "en",
"time": "2025-10-11T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-10-11T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-10-18T23:30:09.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tomofun Furbo 360/Furbo Mini GATT Service access control"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-11646",
"datePublished": "2025-10-12T21:02:05.171Z",
"dateReserved": "2025-10-11T18:33:03.614Z",
"dateUpdated": "2025-10-18T21:28:04.687Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-11641 (GCVE-0-2025-11641)
Vulnerability from cvelistv5 – Published: 2025-10-12 18:32 – Updated: 2025-10-17 05:49| URL | Tags |
|---|---|
| https://vuldb.com/?id.328052 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.328052 | signaturepermissions-required |
| https://vuldb.com/?submit.661379 | third-party-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Tomofun | Furbo 360 |
Affected:
n/a
|
|
| Tomofun | Furbo Mini |
Affected:
n/a
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11641",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-14T14:59:44.158815Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-14T14:59:51.878Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Trial Restriction Handler"
],
"product": "Furbo 360",
"vendor": "Tomofun",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Trial Restriction Handler"
],
"product": "Furbo Mini",
"vendor": "Tomofun",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Calvin Star (Software Secured)"
},
{
"lang": "en",
"type": "finder",
"value": "Julian B (Software Secured)"
},
{
"lang": "en",
"type": "reporter",
"value": "jTag Labs (VulDB User)"
},
{
"lang": "en",
"type": "analyst",
"value": "jTag Labs (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was determined in Tomofun Furbo 360 and Furbo Mini. This impacts an unknown function of the component Trial Restriction Handler. This manipulation causes improper access controls. It is feasible to perform the attack on the physical device. The attack is considered to have high complexity. The exploitability is said to be difficult. The firmware versions determined to be affected are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in Tomofun Furbo 360 and Furbo Mini gefunden. Dies betrifft einen unbekannten Teil der Komponente Trial Restriction Handler. Durch Manipulation mit unbekannten Daten kann eine improper access controls-Schwachstelle ausgenutzt werden. Der Angriff auf das physische Ger\u00e4t ist m\u00f6glich. Ein Angriff erfordert eine vergleichsweise hohe Komplexit\u00e4t. Die Ausnutzbarkeit gilt als schwierig."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 1,
"baseSeverity": "LOW",
"vectorString": "CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.9,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:X",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.9,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:X",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 3.7,
"vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:ND",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "Improper Access Controls",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-17T05:49:10.328Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-328052 | Tomofun Furbo 360/Furbo Mini Trial Restriction access control",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.328052"
},
{
"name": "VDB-328052 | CTI Indicators (IOB, IOC, TTP)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.328052"
},
{
"name": "Submit #661379 | Tomofun Furbo 360, Furbo Mini Furbo 360 (\u2264 FB0035_FW_036), Furbo Mini (\u2264 MC0020_FW_074) Application Logic Bypass",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.661379"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-05-15T20:00:00.000Z",
"value": "Vulnerability found"
},
{
"lang": "en",
"time": "2025-06-21T23:00:00.000Z",
"value": "Vendor informed"
},
{
"lang": "en",
"time": "2025-07-03T04:30:00.000Z",
"value": "Vendor acknowledged"
},
{
"lang": "en",
"time": "2025-10-11T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-10-11T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-10-17T07:54:06.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tomofun Furbo 360/Furbo Mini Trial Restriction access control"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-11641",
"datePublished": "2025-10-12T18:32:05.050Z",
"dateReserved": "2025-10-11T18:32:47.228Z",
"dateUpdated": "2025-10-17T05:49:10.328Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-11554 (GCVE-0-2025-11554)
Vulnerability from cvelistv5 – Published: 2025-10-09 20:02 – Updated: 2026-02-24 06:56| URL | Tags |
|---|---|
| https://vuldb.com/?id.327714 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.327714 | signaturepermissions-required |
| https://vuldb.com/?submit.671072 | third-party-advisory |
| https://github.com/m3m0o/portabilis-ieducar-user-… | exploit |
| Vendor | Product | Version | |
|---|---|---|---|
| Portabilis | i-Educar |
Affected:
2.9.0
Affected: 2.9.1 Affected: 2.9.2 Affected: 2.9.3 Affected: 2.9.4 Affected: 2.9.5 Affected: 2.9.6 Affected: 2.9.7 Affected: 2.9.8 Affected: 2.9.9 Affected: 2.9.10 cpe:2.3:a:portabilis:i-educar:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11554",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-09T20:34:38.023557Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-09T20:35:00.615Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:portabilis:i-educar:*:*:*:*:*:*:*:*"
],
"modules": [
"User Type Handler"
],
"product": "i-Educar",
"vendor": "Portabilis",
"versions": [
{
"status": "affected",
"version": "2.9.0"
},
{
"status": "affected",
"version": "2.9.1"
},
{
"status": "affected",
"version": "2.9.2"
},
{
"status": "affected",
"version": "2.9.3"
},
{
"status": "affected",
"version": "2.9.4"
},
{
"status": "affected",
"version": "2.9.5"
},
{
"status": "affected",
"version": "2.9.6"
},
{
"status": "affected",
"version": "2.9.7"
},
{
"status": "affected",
"version": "2.9.8"
},
{
"status": "affected",
"version": "2.9.9"
},
{
"status": "affected",
"version": "2.9.10"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "m3m0o (VulDB User)"
},
{
"lang": "en",
"type": "analyst",
"value": "m3m0o (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability has been detected in Portabilis i-Educar up to 2.9.10. Affected by this issue is some unknown functionality of the file app/Http/Controllers/AccessLevelController.php of the component User Type Handler. The manipulation leads to insecure inherited permissions. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-277",
"description": "Insecure Inherited Permissions",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-24T06:56:18.625Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-327714 | Portabilis i-Educar User Type AccessLevelController.php insecure inherited permissions",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.327714"
},
{
"name": "VDB-327714 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.327714"
},
{
"name": "Submit #671072 | Portabilis i-Educar 2.9.10 Improper Handling of Insufficient Permissions or Privileges",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.671072"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/m3m0o/portabilis-ieducar-user-type-privilege-escalation"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-10-09T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-10-09T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-10-11T00:00:00.000Z",
"value": "Exploit disclosed"
},
{
"lang": "en",
"time": "2025-11-21T17:07:57.000Z",
"value": "VulDB entry last update"
}
],
"title": "Portabilis i-Educar User Type AccessLevelController.php insecure inherited permissions"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-11554",
"datePublished": "2025-10-09T20:02:06.510Z",
"dateReserved": "2025-10-09T11:59:38.265Z",
"dateUpdated": "2026-02-24T06:56:18.625Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-11440 (GCVE-0-2025-11440)
Vulnerability from cvelistv5 – Published: 2025-10-08 07:02 – Updated: 2025-10-08 13:48| URL | Tags |
|---|---|
| https://vuldb.com/?id.327377 | vdb-entry |
| https://vuldb.com/?ctiid.327377 | signaturepermissions-required |
| https://vuldb.com/?submit.666881 | third-party-advisory |
| https://docs.google.com/document/d/1GUjJA9vUbsXUn… | exploit |
| https://github.com/JhumanJ/OpnForm/pull/900/commi… | issue-trackingpatch |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11440",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-08T13:48:03.045413Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-08T13:48:06.257Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://docs.google.com/document/d/1GUjJA9vUbsXUngAv6ySsbCIhVynf8_djardLZYEDOe0/edit?tab=t.0#heading=h.t78mmp24qqk5"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "OpnForm",
"vendor": "JhumanJ",
"versions": [
{
"status": "affected",
"version": "1.9.0"
},
{
"status": "affected",
"version": "1.9.1"
},
{
"status": "affected",
"version": "1.9.2"
},
{
"status": "affected",
"version": "1.9.3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "balejin (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was determined in JhumanJ OpnForm up to 1.9.3. Impacted is an unknown function of the file /edit. Executing manipulation can lead to improper access controls. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. This patch is called b15e29021d326be127193a5dbbd528c4e37e6324. Applying a patch is advised to resolve this issue."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in JhumanJ OpnForm up to 1.9.3 entdeckt. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion der Datei /edit. Dank Manipulation mit unbekannten Daten kann eine improper access controls-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Die Schwachstelle wurde \u00f6ffentlich offengelegt und k\u00f6nnte ausgenutzt werden. Der Patch tr\u00e4gt den Namen b15e29021d326be127193a5dbbd528c4e37e6324. Es wird geraten, einen Patch zu installieren, um dieses Problem zu l\u00f6sen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "Improper Access Controls",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-08T07:02:07.818Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-327377 | JhumanJ OpnForm edit access control",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.327377"
},
{
"name": "VDB-327377 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.327377"
},
{
"name": "Submit #666881 | GitHub OpnForm 1.9.3 Improper Access Controls",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.666881"
},
{
"tags": [
"exploit"
],
"url": "https://docs.google.com/document/d/1GUjJA9vUbsXUngAv6ySsbCIhVynf8_djardLZYEDOe0/edit?tab=t.0#heading=h.t78mmp24qqk5"
},
{
"tags": [
"issue-tracking",
"patch"
],
"url": "https://github.com/JhumanJ/OpnForm/pull/900/commits/b15e29021d326be127193a5dbbd528c4e37e6324"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-10-07T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-10-07T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-10-07T15:22:49.000Z",
"value": "VulDB entry last update"
}
],
"title": "JhumanJ OpnForm edit access control"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-11440",
"datePublished": "2025-10-08T07:02:07.818Z",
"dateReserved": "2025-10-07T13:17:24.556Z",
"dateUpdated": "2025-10-08T13:48:06.257Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-11281 (GCVE-0-2025-11281)
Vulnerability from cvelistv5 – Published: 2025-10-05 04:02 – Updated: 2025-10-07 19:12| URL | Tags |
|---|---|
| https://vuldb.com/?id.327015 | vdb-entry |
| https://vuldb.com/?ctiid.327015 | signaturepermissions-required |
| https://vuldb.com/?submit.659695 | third-party-advisory |
| https://gist.github.com/0xHamy/5ebd820ad30f338270… | related |
| https://gist.github.com/0xHamy/5ebd820ad30f338270… | exploit |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11281",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-07T19:11:59.135800Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-07T19:12:19.266Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://vuldb.com/?submit.659695"
},
{
"tags": [
"exploit"
],
"url": "https://gist.github.com/0xHamy/5ebd820ad30f33827011e9a614fb2f89"
},
{
"tags": [
"exploit"
],
"url": "https://gist.github.com/0xHamy/5ebd820ad30f33827011e9a614fb2f89#steps-to-reproduce"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Unpublished Course Handler"
],
"product": "LMS",
"vendor": "Frappe",
"versions": [
{
"status": "affected",
"version": "2.35.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "0xHamy (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in Frappe LMS 2.35.0. The affected element is an unknown function of the file /courses/ of the component Unpublished Course Handler. Such manipulation leads to improper access controls. The attack may be launched remotely. This attack is characterized by high complexity. The exploitability is described as difficult. The exploit has been disclosed to the public and may be used. You should upgrade the affected component. The vendor was informed early about a total of four security issues and confirmed that those have been fixed. However, the release notes on GitHub do not mention them."
},
{
"lang": "de",
"value": "In Frappe LMS 2.35.0 ist eine Schwachstelle entdeckt worden. Betroffen hiervon ist ein unbekannter Ablauf der Datei /courses/ der Komponente Unpublished Course Handler. Durch die Manipulation mit unbekannten Daten kann eine improper access controls-Schwachstelle ausgenutzt werden. Der Angriff kann remote ausgef\u00fchrt werden. Das Durchf\u00fchren eines Angriffs ist mit einer relativ hohen Komplexit\u00e4t verbunden. Das Ausnutzen gilt als schwierig. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 2.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4.6,
"vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "Improper Access Controls",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-05T04:02:05.630Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-327015 | Frappe LMS Unpublished Course courses access control",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.327015"
},
{
"name": "VDB-327015 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.327015"
},
{
"name": "Submit #659695 | Frappe Frappe LMS 2.35.0 Improper Access Controls",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.659695"
},
{
"tags": [
"related"
],
"url": "https://gist.github.com/0xHamy/5ebd820ad30f33827011e9a614fb2f89"
},
{
"tags": [
"exploit"
],
"url": "https://gist.github.com/0xHamy/5ebd820ad30f33827011e9a614fb2f89#steps-to-reproduce"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-10-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-10-04T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-10-04T11:28:16.000Z",
"value": "VulDB entry last update"
}
],
"title": "Frappe LMS Unpublished Course courses access control"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-11281",
"datePublished": "2025-10-05T04:02:05.630Z",
"dateReserved": "2025-10-04T09:22:33.609Z",
"dateUpdated": "2025-10-07T19:12:19.266Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-11272 (GCVE-0-2025-11272)
Vulnerability from cvelistv5 – Published: 2025-10-04 20:02 – Updated: 2025-10-06 20:15| URL | Tags |
|---|---|
| https://vuldb.com/?id.327006 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.327006 | signaturepermissions-required |
| https://vuldb.com/?submit.655842 | third-party-advisory |
| https://github.com/August829/YU1/issues/4 | issue-tracking |
| https://github.com/August829/YU1/issues/4#issue-3… | exploitissue-tracking |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11272",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-06T20:14:59.077135Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-06T20:15:08.709Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"POST Request Handler"
],
"product": "ZKEACMS",
"vendor": "SeriaWei",
"versions": [
{
"status": "affected",
"version": "4.0"
},
{
"status": "affected",
"version": "4.1"
},
{
"status": "affected",
"version": "4.2"
},
{
"status": "affected",
"version": "4.3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Yu Bao (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in SeriaWei ZKEACMS up to 4.3. This affects the function Delete of the file src/ZKEACMS.Redirection/Controllers/UrlRedirectionController.cs of the component POST Request Handler. The manipulation leads to improper authorization. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "In SeriaWei ZKEACMS up to 4.3 wurde eine Schwachstelle gefunden. Es betrifft die Funktion Delete der Datei src/ZKEACMS.Redirection/Controllers/UrlRedirectionController.cs der Komponente POST Request Handler. Durch Manipulieren mit unbekannten Daten kann eine improper authorization-Schwachstelle ausgenutzt werden. Der Angriff kann remote ausgef\u00fchrt werden. Der Exploit wurde der \u00d6ffentlichkeit bekannt gemacht und k\u00f6nnte verwendet werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5.5,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-04T20:02:05.691Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-327006 | SeriaWei ZKEACMS POST Request UrlRedirectionController.cs Delete improper authorization",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.327006"
},
{
"name": "VDB-327006 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.327006"
},
{
"name": "Submit #655842 | SeriaWei ZKEACMS v4.3 Unauthorized deletion URL redirect rules",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.655842"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/August829/YU1/issues/4"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/August829/YU1/issues/4#issue-3420825660"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-10-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-10-04T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-10-04T08:01:54.000Z",
"value": "VulDB entry last update"
}
],
"title": "SeriaWei ZKEACMS POST Request UrlRedirectionController.cs Delete improper authorization"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-11272",
"datePublished": "2025-10-04T20:02:05.691Z",
"dateReserved": "2025-10-04T05:56:51.264Z",
"dateUpdated": "2025-10-06T20:15:08.709Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-11080 (GCVE-0-2025-11080)
Vulnerability from cvelistv5 – Published: 2025-09-27 21:32 – Updated: 2025-09-29 19:36| URL | Tags |
|---|---|
| https://vuldb.com/?id.326121 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.326121 | signaturepermissions-required |
| https://vuldb.com/?submit.661308 | third-party-advisory |
| https://github.com/xkalami-Tta0/CVE/blob/main/wis… | related |
| https://github.com/xkalami-Tta0/CVE/blob/main/wis… | exploit |
| Vendor | Product | Version | |
|---|---|---|---|
| zhuimengshaonian | wisdom-education |
Affected:
1.0.0
Affected: 1.0.1 Affected: 1.0.2 Affected: 1.0.3 Affected: 1.0.4 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11080",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-29T19:36:07.974553Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-29T19:36:16.945Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "wisdom-education",
"vendor": "zhuimengshaonian",
"versions": [
{
"status": "affected",
"version": "1.0.0"
},
{
"status": "affected",
"version": "1.0.1"
},
{
"status": "affected",
"version": "1.0.2"
},
{
"status": "affected",
"version": "1.0.3"
},
{
"status": "affected",
"version": "1.0.4"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "xkalami (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability has been detected in zhuimengshaonian wisdom-education up to 1.0.4. This vulnerability affects the function selectStudentExamInfoList of the file src/main/java/com/education/api/controller/student/ExamInfoController.java. Such manipulation of the argument subjectId leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in zhuimengshaonian wisdom-education up to 1.0.4 entdeckt. Betroffen ist die Funktion selectStudentExamInfoList der Datei src/main/java/com/education/api/controller/student/ExamInfoController.java. Mittels dem Manipulieren des Arguments subjectId mit unbekannten Daten kann eine improper authorization-Schwachstelle ausgenutzt werden. Ein Angriff ist aus der Distanz m\u00f6glich. Der Exploit wurde der \u00d6ffentlichkeit bekannt gemacht und k\u00f6nnte verwendet werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-27T21:32:06.699Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-326121 | zhuimengshaonian wisdom-education ExamInfoController.java selectStudentExamInfoList improper authorization",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.326121"
},
{
"name": "VDB-326121 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.326121"
},
{
"name": "Submit #661308 | https://gitee.com/zhuimengshaonian/wisdom-education wisdom-education 1.0.4 Horizontal overstepping authority",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.661308"
},
{
"tags": [
"related"
],
"url": "https://github.com/xkalami-Tta0/CVE/blob/main/wisdom-education/%E6%B0%B4%E5%B9%B3%E8%B6%8A%E6%9D%83.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/xkalami-Tta0/CVE/blob/main/wisdom-education/%E6%B0%B4%E5%B9%B3%E8%B6%8A%E6%9D%83.md#vulnerability-reproduction"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-09-26T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-09-26T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-09-26T15:16:09.000Z",
"value": "VulDB entry last update"
}
],
"title": "zhuimengshaonian wisdom-education ExamInfoController.java selectStudentExamInfoList improper authorization"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-11080",
"datePublished": "2025-09-27T21:32:06.699Z",
"dateReserved": "2025-09-26T13:11:04.929Z",
"dateUpdated": "2025-09-29T19:36:16.945Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation MIT-1
Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.
Mitigation MIT-17
Strategy: Environment Hardening
Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.
No CAPEC attack patterns related to this CWE.