CWE-639
AllowedAuthorization Bypass Through User-Controlled Key
Abstraction: Base · Status: Incomplete
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
3235 vulnerabilities reference this CWE, most recent first.
CVE-2025-14881 (GCVE-0-2025-14881)
Vulnerability from cvelistv5 – Published: 2025-12-19 12:24 – Updated: 2025-12-19 12:58- CWE-639 - Authorization Bypass Through User-Controlled Key
| URL | Tags |
|---|---|
| https://pretix.eu/about/en/blog/20251218-release-… | vendor-advisory |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-14881",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-19T12:58:00.895498Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-19T12:58:15.508Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://pypi.org/",
"defaultStatus": "unaffected",
"packageName": "pretix",
"product": "pretix",
"repo": "https://github.com/pretix/pretix",
"vendor": "pretix",
"versions": [
{
"lessThan": "2025.8.0",
"status": "affected",
"version": "1.0.0",
"versionType": "python"
},
{
"changes": [
{
"at": "2025.8.3",
"status": "unaffected"
}
],
"lessThan": "2025.9.0",
"status": "affected",
"version": "2025.8.0",
"versionType": "python"
},
{
"changes": [
{
"at": "2025.9.3",
"status": "unaffected"
}
],
"lessThan": "2025.10.0",
"status": "affected",
"version": "2025.9.0",
"versionType": "python"
},
{
"changes": [
{
"at": "2025.10.1",
"status": "unaffected"
}
],
"lessThan": "2025.11.0",
"status": "affected",
"version": "2025.10.0",
"versionType": "python"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Deniz Parlak (https://github.com/DenizParlak)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Multiple API endpoints allowed access to sensitive files from other users by knowing the UUID of the file that were not intended to be accessible by UUID only."
}
],
"value": "Multiple API endpoints allowed access to sensitive files from other users by knowing the UUID of the file that were not intended to be accessible by UUID only."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 3.8,
"baseSeverity": "LOW",
"exploitMaturity": "UNREPORTED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:U",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-19T12:24:10.523Z",
"orgId": "655498c3-6ec5-4f0b-aea6-853b334d05a6",
"shortName": "rami.io"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://pretix.eu/about/en/blog/20251218-release-2025-10-1/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Insecure direct object reference",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "655498c3-6ec5-4f0b-aea6-853b334d05a6",
"assignerShortName": "rami.io",
"cveId": "CVE-2025-14881",
"datePublished": "2025-12-19T12:24:10.523Z",
"dateReserved": "2025-12-18T11:48:11.819Z",
"dateUpdated": "2025-12-19T12:58:15.508Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-14844 (GCVE-0-2025-14844)
Vulnerability from cvelistv5 – Published: 2026-01-16 09:23 – Updated: 2026-04-08 16:35- CWE-639 - Authorization Bypass Through User-Controlled Key
| Vendor | Product | Version | |
|---|---|---|---|
| stellarwp | Membership Plugin – Restrict Content |
Affected:
0 , ≤ 3.2.16
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-14844",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-16T12:48:39.518455Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-16T12:50:27.771Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Membership Plugin \u2013 Restrict Content",
"vendor": "stellarwp",
"versions": [
{
"lessThanOrEqual": "3.2.16",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "andrea bocchetti"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Membership Plugin \u2013 Restrict Content plugin for WordPress is vulnerable to Missing Authentication in all versions up to, and including, 3.2.16 via the \u0027rcp_stripe_create_setup_intent_for_saved_card\u0027 function due to missing capability check. Additionally, the plugin does not check a user-controlled key, which makes it possible for unauthenticated attackers to leak Stripe SetupIntent client_secret values for any membership."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:35:02.041Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0c28545d-c7cd-469f-bccf-90e8b52fd4e7?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/restrict-content/tags/3.2.16/core/includes/gateways/stripe/functions.php#L848"
},
{
"url": "https://plugins.trac.wordpress.org/browser/restrict-content/tags/3.2.16/core/includes/gateways/stripe/functions.php#L987"
},
{
"url": "https://docs.stripe.com/api/setup_intents/object"
},
{
"url": "https://cwe.mitre.org/data/definitions/639.html"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3438168/restrict-content/tags/3.2.17/core/includes/gateways/stripe/functions.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-17T18:50:59.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2026-01-15T20:39:14.000Z",
"value": "Disclosed"
}
],
"title": "Membership Plugin \u2013 Restrict Content \u003c= 3.2.16 - Missing Authentication to Insecure Direct Object Reference and Sensitive Information Exposure"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-14844",
"datePublished": "2026-01-16T09:23:46.932Z",
"dateReserved": "2025-12-17T18:34:48.898Z",
"dateUpdated": "2026-04-08T16:35:02.041Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-14802 (GCVE-0-2025-14802)
Vulnerability from cvelistv5 – Published: 2026-01-07 07:17 – Updated: 2026-04-08 17:05- CWE-639 - Authorization Bypass Through User-Controlled Key
| Vendor | Product | Version | |
|---|---|---|---|
| thimpress | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses |
Affected:
0 , ≤ 4.3.2.1
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-14802",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-07T14:50:45.348178Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-07T16:13:20.829Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "LearnPress \u2013 WordPress LMS Plugin for Create and Sell Online Courses",
"vendor": "thimpress",
"versions": [
{
"lessThanOrEqual": "4.3.2.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Deniz Mert"
}
],
"descriptions": [
{
"lang": "en",
"value": "The LearnPress \u2013 WordPress LMS Plugin for WordPress is vulnerable to unauthorized file deletion in versions up to, and including, 4.3.2.2 via the /wp-json/lp/v1/material/{file_id} REST API endpoint. This is due to a parameter mismatch between the DELETE operation and authorization check, where the endpoint uses file_id from the URL path but the permission callback validates item_id from the request body. This makes it possible for authenticated attackers, with teacher-level access, to delete arbitrary lesson material files uploaded by other teachers via sending a DELETE request with their own item_id (to pass authorization) while targeting another teacher\u0027s file_id."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:05:15.500Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/884c4508-1ee1-4384-9fc2-29e2c9042426?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/learnpress/tags/4.3.2.1/inc/rest-api/v1/frontend/class-lp-rest-material-controller.php#L527"
},
{
"url": "https://plugins.trac.wordpress.org/browser/learnpress/tags/4.3.2.1/inc/rest-api/v1/frontend/class-lp-rest-material-controller.php#L405"
},
{
"url": "https://plugins.trac.wordpress.org/browser/learnpress/tags/4.3.2.1/inc/rest-api/v1/frontend/class-lp-rest-material-controller.php#L77"
},
{
"url": "https://plugins.trac.wordpress.org/browser/learnpress/tags/4.3.2.3/inc/rest-api/v1/frontend/class-lp-rest-material-controller.php#L403"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-16T21:05:46.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2026-01-06T18:42:00.000Z",
"value": "Disclosed"
}
],
"title": "LearnPress \u2013 WordPress LMS Plugin \u003c= 4.3.2.2 - Insecure Direct Object Reference to Authenticated (Instructor+) Teacher Material Deletion"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-14802",
"datePublished": "2026-01-07T07:17:33.170Z",
"dateReserved": "2025-12-16T20:58:27.037Z",
"dateUpdated": "2026-04-08T17:05:15.500Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-14772 (GCVE-0-2025-14772)
Vulnerability from cvelistv5 – Published: 2026-06-03 09:25 – Updated: 2026-06-03 12:49- CWE-639 - Authorization bypass through User-Controlled key
| Vendor | Product | Version | |
|---|---|---|---|
| ABB | T-MAC Plus |
Affected:
4.0-24
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-14772",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-03T12:47:39.611706Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-03T12:49:14.950Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "T-MAC Plus",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "4.0-24"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Authorization bypass through User-Controlled key vulnerability in ABB T-MAC Plus.\u003cp\u003eThis issue affects T-MAC Plus: 4.0-24.\u003c/p\u003e"
}
],
"value": "Authorization bypass through User-Controlled key vulnerability in ABB T-MAC Plus.\n\nThis issue affects T-MAC Plus: 4.0-24."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:H/SC:L/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization bypass through User-Controlled key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-03T09:25:56.511Z",
"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"shortName": "ABB"
},
"references": [
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108472A7840\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Broken Access Control in ABB T-MAC Plus web application",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"assignerShortName": "ABB",
"cveId": "CVE-2025-14772",
"datePublished": "2026-06-03T09:25:56.511Z",
"dateReserved": "2025-12-16T03:47:13.359Z",
"dateUpdated": "2026-06-03T12:49:14.950Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-14742 (GCVE-0-2025-14742)
Vulnerability from cvelistv5 – Published: 2026-02-25 09:26 – Updated: 2026-04-08 16:36- CWE-639 - Authorization Bypass Through User-Controlled Key
| Vendor | Product | Version | |
|---|---|---|---|
| brechtvds | WP Recipe Maker |
Affected:
0 , ≤ 10.2.3
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-14742",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-25T16:33:34.211437Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-25T16:33:45.643Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WP Recipe Maker",
"vendor": "brechtvds",
"versions": [
{
"lessThanOrEqual": "10.2.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Abhinav Jaswal"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WP Recipe Maker plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the \u0027ajax_search_recipes\u0027 and \u0027ajax_get_recipe\u0027 functions in all versions up to, and including, 10.2.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve sensitive recipe information including draft, pending, and private recipes that they shouldn\u0027t be able to access."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:36:07.011Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/10c17e74-dced-483e-bcaf-00ff5b11059c?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp-recipe-maker/trunk/includes/public/class-wprm-recipe-manager.php#L47"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp-recipe-maker/trunk/includes/public/class-wprm-recipe-manager.php#L46"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp-recipe-maker/trunk/includes/public/class-wprm-recipe-manager.php#L161"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp-recipe-maker/trunk/includes/public/class-wprm-recipe-manager.php#L301"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3440361/wp-recipe-maker/trunk/includes/public/class-wprm-recipe-manager.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-15T19:25:38.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2026-02-24T21:09:18.000Z",
"value": "Disclosed"
}
],
"title": "WP Recipe Maker \u003c= 10.2.3 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-14742",
"datePublished": "2026-02-25T09:26:50.441Z",
"dateReserved": "2025-12-15T19:09:55.527Z",
"dateUpdated": "2026-04-08T16:36:07.011Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-14594 (GCVE-0-2025-14594)
Vulnerability from cvelistv5 – Published: 2026-02-11 11:34 – Updated: 2026-02-11 15:17- CWE-639 - Authorization Bypass Through User-Controlled Key
| URL | Tags |
|---|---|
| https://gitlab.com/gitlab-org/gitlab/-/issues/583967 | issue-trackingpermissions-required |
| https://hackerone.com/reports/3457591 | technical-descriptionexploitpermissions-required |
| https://about.gitlab.com/releases/2026/02/10/patc… |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-14594",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-11T15:17:08.503125Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-11T15:17:25.802Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "GitLab",
"repo": "git://git@gitlab.com:gitlab-org/gitlab.git",
"vendor": "GitLab",
"versions": [
{
"lessThan": "18.6.6",
"status": "affected",
"version": "17.11",
"versionType": "semver"
},
{
"lessThan": "18.7.4",
"status": "affected",
"version": "18.7",
"versionType": "semver"
},
{
"lessThan": "18.8.4",
"status": "affected",
"version": "18.8",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Thanks [sndd](https://hackerone.com/sndd) for reporting this vulnerability through our HackerOne bug bounty program"
}
],
"descriptions": [
{
"lang": "en",
"value": "GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.11 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to view certain pipeline values by querying the API."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639: Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-11T11:34:06.815Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"name": "GitLab Issue #583967",
"tags": [
"issue-tracking",
"permissions-required"
],
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/583967"
},
{
"name": "HackerOne Bug Bounty Report #3457591",
"tags": [
"technical-description",
"exploit",
"permissions-required"
],
"url": "https://hackerone.com/reports/3457591"
},
{
"url": "https://about.gitlab.com/releases/2026/02/10/patch-release-gitlab-18-8-4-released/"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to versions 18.6.6, 18.7.4, 18.8.4 or above."
}
],
"title": "Authorization Bypass Through User-Controlled Key in GitLab"
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2025-14594",
"datePublished": "2026-02-11T11:34:06.815Z",
"dateReserved": "2025-12-12T16:33:35.449Z",
"dateUpdated": "2026-02-11T15:17:25.802Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-14459 (GCVE-0-2025-14459)
Vulnerability from cvelistv5 – Published: 2026-01-26 19:36 – Updated: 2026-07-15 01:27- CWE-639 - Authorization Bypass Through User-Controlled Key
| URL | Tags |
|---|---|
| https://access.redhat.com/errata/RHSA-2026:0950 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/security/cve/CVE-2025-14459 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2420938 | issue-trackingx_refsource_REDHAT |
| https://security.access.redhat.com/data/csaf/v2/v… | x_sadp-csaf-vex |
| Vendor | Product | Version | |
|---|---|---|---|
| Red Hat | RHEL-9-CNV-4.19 |
Unaffected:
v4.19.17-5 , < *
(rpm)
cpe:/a:redhat:container_native_virtualization:4.19::el9 |
|
| Red Hat | RHEL-9-CNV-4.19 |
Unaffected:
v4.19.17-4 , < *
(rpm)
cpe:/a:redhat:container_native_virtualization:4.19::el9 |
|
| Red Hat | RHEL-9-CNV-4.19 |
Unaffected:
v4.19.17-3 , < *
(rpm)
cpe:/a:redhat:container_native_virtualization:4.19::el9 |
|
| Red Hat | RHEL-9-CNV-4.19 |
Unaffected:
v4.19.17.rhel9-82 , < *
(rpm)
cpe:/a:redhat:container_native_virtualization:4.19::el9 |
|
| Red Hat | RHEL-9-CNV-4.19 |
Unaffected:
v4.19.17-7 , < *
(rpm)
cpe:/a:redhat:container_native_virtualization:4.19::el9 |
|
| Red Hat | RHEL-9-CNV-4.19 |
Unaffected:
v4.19.17-6 , < *
(rpm)
cpe:/a:redhat:container_native_virtualization:4.19::el9 |
|
| Red Hat | RHEL-9-CNV-4.19 |
Unaffected:
v4.19.17-85 , < *
(rpm)
cpe:/a:redhat:container_native_virtualization:4.19::el9 |
|
| Red Hat | RHEL-9-CNV-4.19 |
Unaffected:
v4.19.17-9 , < *
(rpm)
cpe:/a:redhat:container_native_virtualization:4.19::el9 |
|
| Red Hat | RHEL-9-CNV-4.19 |
Unaffected:
v4.19.17-11 , < *
(rpm)
cpe:/a:redhat:container_native_virtualization:4.19::el9 |
|
| Red Hat | RHEL-9-CNV-4.19 |
Unaffected:
v4.19.17-19 , < *
(rpm)
cpe:/a:redhat:container_native_virtualization:4.19::el9 |
|
| Red Hat | RHEL-9-CNV-4.19 |
Unaffected:
v4.19.17-88 , < *
(rpm)
cpe:/a:redhat:container_native_virtualization:4.19::el9 |
|
| Red Hat | RHEL-9-CNV-4.19 |
Unaffected:
v4.19.17-8 , < *
(rpm)
cpe:/a:redhat:container_native_virtualization:4.19::el9 |
|
| Red Hat | RHEL-9-CNV-4.19 |
Unaffected:
v4.19.17-12 , < *
(rpm)
cpe:/a:redhat:container_native_virtualization:4.19::el9 |
|
| Red Hat | Red Hat OpenShift Virtualization 4 |
cpe:/a:redhat:container_native_virtualization:4 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-14459",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-26T21:01:20.724005Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-26T21:01:36.393Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/aaq-controller-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/aaq-operator-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/aaq-server-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/bridge-marker-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/cluster-network-addons-operator-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/cnv-containernetworking-plugins-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/cnv-must-gather-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-3",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/hco-bundle-registry-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17.rhel9-82",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/hostpath-csi-driver-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/hostpath-provisioner-operator-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/hostpath-provisioner-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/hyperconverged-cluster-operator-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-7",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/hyperconverged-cluster-webhook-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-7",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/kubemacpool-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/kubesecondarydns-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/kubevirt-api-lifecycle-automation-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/kubevirt-apiserver-proxy-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/kubevirt-common-instancetypes-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/kubevirt-console-plugin-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-85",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/kubevirt-dpdk-checkup-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/kubevirt-ipam-controller-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/kubevirt-realtime-checkup-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/kubevirt-ssp-operator-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/kubevirt-storage-checkup-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/kubevirt-tekton-tasks-create-datavolume-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-11",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/kubevirt-template-validator-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/libguestfs-tools-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/multus-dynamic-networks-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/ocp-virt-validation-checkup-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-19",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/ovs-cni-plugin-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/passt-network-binding-plugin-cni-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/passt-network-binding-plugin-sidecar-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/pr-helper-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/sidecar-shim-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-88",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/virt-api-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/virt-artifacts-server-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/virt-cdi-apiserver-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/virt-cdi-cloner-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/virt-cdi-controller-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-7",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/virt-cdi-importer-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-7",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/virt-cdi-operator-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-7",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/virt-cdi-uploadproxy-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/virt-cdi-uploadserver-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/virt-controller-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/virt-exportproxy-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/virt-exportserver-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/virt-handler-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/virtio-win-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/virt-launcher-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/virt-operator-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-12",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/vm-console-proxy-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/vm-network-latency-checkup-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/wasp-agent-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4"
],
"defaultStatus": "unaffected",
"packageName": "container-native-virtualization/virt-cdi-controller",
"product": "Red Hat OpenShift Virtualization 4",
"vendor": "Red Hat"
}
],
"datePublic": "2026-01-08T10:10:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in KubeVirt Containerized Data Importer (CDI). This vulnerability allows a user to clone PersistentVolumeClaims (PVCs) from unauthorized namespaces, resulting in unauthorized access to data via the DataImportCron PVC source mechanism."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-15T01:27:15.318Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2025-14459"
},
{
"name": "RHBZ#2420938",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2420938"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14459.json"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:0950"
}
],
"solutions": [
{
"lang": "en",
"value": "RHSA-2026:0950: CNV 4.19 for RHEL 9"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-10T00:00:00.000Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-01-08T10:10:00.000Z",
"value": "Made public."
}
],
"title": "virt-cdi-controller: Unauthorized PVC Cloning via DataImportCron",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/aaq-controller-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/aaq-operator-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/aaq-server-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/bridge-marker-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/cluster-network-addons-operator-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/cnv-containernetworking-plugins-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/cnv-must-gather-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-3",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/hco-bundle-registry-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17.rhel9-82",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/hostpath-csi-driver-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/hostpath-provisioner-operator-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/hostpath-provisioner-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/hyperconverged-cluster-operator-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-7",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/hyperconverged-cluster-webhook-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-7",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/kubemacpool-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/kubesecondarydns-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/kubevirt-api-lifecycle-automation-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/kubevirt-apiserver-proxy-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/kubevirt-common-instancetypes-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/kubevirt-console-plugin-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-85",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/kubevirt-dpdk-checkup-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/kubevirt-ipam-controller-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/kubevirt-realtime-checkup-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/kubevirt-ssp-operator-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/kubevirt-storage-checkup-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/kubevirt-tekton-tasks-create-datavolume-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-11",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/kubevirt-template-validator-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/libguestfs-tools-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/multus-dynamic-networks-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/ocp-virt-validation-checkup-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-19",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/ovs-cni-plugin-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/passt-network-binding-plugin-cni-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/passt-network-binding-plugin-sidecar-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/pr-helper-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/sidecar-shim-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-88",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/virt-api-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/virt-artifacts-server-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/virt-cdi-apiserver-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/virt-cdi-cloner-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/virt-cdi-controller-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-7",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/virt-cdi-importer-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-7",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/virt-cdi-operator-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-7",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/virt-cdi-uploadproxy-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/virt-cdi-uploadserver-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/virt-controller-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/virt-exportproxy-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/virt-exportserver-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/virt-handler-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/virtio-win-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/virt-launcher-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/virt-operator-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-12",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/vm-console-proxy-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/vm-network-latency-checkup-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/wasp-agent-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4"
],
"defaultStatus": "unaffected",
"packageName": "container-native-virtualization/virt-cdi-controller",
"product": "Red Hat OpenShift Virtualization 4",
"vendor": "Red Hat"
}
],
"datePublic": "2026-01-08T10:10:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in KubeVirt Containerized Data Importer (CDI). This vulnerability allows a user to clone PersistentVolumeClaims (PVCs) from unauthorized namespaces, resulting in unauthorized access to data via the DataImportCron PVC source mechanism."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-26T19:36:29.709Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2026:0950",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:0950"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2025-14459"
},
{
"name": "RHBZ#2420938",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2420938"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-10T00:00:00.000Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-01-08T10:10:00.000Z",
"value": "Made public."
}
],
"title": "Virt-cdi-controller: unauthorized pvc cloning via dataimportcron",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-639: Authorization Bypass Through User-Controlled Key"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2025-14459",
"datePublished": "2026-01-26T19:36:29.709Z",
"dateReserved": "2025-12-10T15:18:02.606Z",
"dateUpdated": "2026-07-15T01:27:15.318Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-14356 (GCVE-0-2025-14356)
Vulnerability from cvelistv5 – Published: 2025-12-12 06:32 – Updated: 2026-04-08 16:47- CWE-639 - Authorization Bypass Through User-Controlled Key
| Vendor | Product | Version | |
|---|---|---|---|
| themefic | Ultra Addons for Contact Form 7 |
Affected:
0 , ≤ 3.5.33
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-14356",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-12T20:30:30.463601Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-12T20:30:42.366Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Ultra Addons for Contact Form 7",
"vendor": "themefic",
"versions": [
{
"lessThanOrEqual": "3.5.33",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Angus Girvan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Ultra Addons for Contact Form 7 plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the \u0027uacf7_get_generated_pdf\u0027 function in all versions up to, and including, 3.5.33. This makes it possible for authenticated attackers, with Subscriber-level access and above, to generate and get form submission PDF, when the \"PDF Generator\" and the \"Database\" addons are enabled (disabled by default)."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:47:07.182Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3af9ece0-1556-4457-87ee-343daec5e74f?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/ultimate-addons-for-contact-form-7/trunk/addons/pdf-generator/pdf-generator.php#L316"
},
{
"url": "https://plugins.trac.wordpress.org/browser/ultimate-addons-for-contact-form-7/trunk/addons/pdf-generator/pdf-generator.php#L321"
},
{
"url": "https://plugins.trac.wordpress.org/browser/ultimate-addons-for-contact-form-7/trunk/addons/pdf-generator/pdf-generator.php#L341"
},
{
"url": "https://plugins.trac.wordpress.org/browser/ultimate-addons-for-contact-form-7/trunk/addons/pdf-generator/pdf-generator.php#L53"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3417590/ultimate-addons-for-contact-form-7"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-10T12:25:01.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-12-11T17:40:29.000Z",
"value": "Disclosed"
}
],
"title": "Ultra Addons for Contact Form 7 \u003c= 3.5.33 - Missing Authorization to Authenticated (Subscriber+) to Generate Form Submission PDF"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-14356",
"datePublished": "2025-12-12T06:32:57.656Z",
"dateReserved": "2025-12-09T16:40:32.811Z",
"dateUpdated": "2026-04-08T16:47:07.182Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-14101 (GCVE-0-2025-14101)
Vulnerability from cvelistv5 – Published: 2025-12-17 09:11 – Updated: 2026-06-04 06:28- CWE-639 - Authorization Bypass Through User-Controlled Key
| URL | Tags |
|---|---|
| https://www.usom.gov.tr/bildirim/tr-25-0464 | government-resourcebroken-link |
| https://siberguvenlik.gov.tr/guvenlik-bildirimler… | government-resource |
| Vendor | Product | Version | |
|---|---|---|---|
| GG Soft Software Services Inc. | PaperWork |
Affected:
5.2.0.9427 , < 6.0
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-14101",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-17T18:05:22.207292Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-17T18:36:19.785Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PaperWork",
"vendor": "GG Soft Software Services Inc.",
"versions": [
{
"lessThan": "6.0",
"status": "affected",
"version": "5.2.0.9427",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Furkan YILDIZ"
},
{
"lang": "en",
"type": "finder",
"value": "Fatih KIRDAR"
}
],
"datePublic": "2025-12-17T09:06:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Authorization Bypass Through User-Controlled Key vulnerability in GG Soft Software Services Inc. PaperWork allows Exploitation of Trusted Identifiers.\u003cp\u003eThis issue affects PaperWork: from 5.2.0.9427 before 6.0.\u003c/p\u003e"
}
],
"value": "Authorization Bypass Through User-Controlled Key vulnerability in GG Soft Software Services Inc. PaperWork allows Exploitation of Trusted Identifiers.\n\nThis issue affects PaperWork: from 5.2.0.9427 before 6.0."
}
],
"impacts": [
{
"capecId": "CAPEC-21",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-21 Exploitation of Trusted Identifiers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-04T06:28:35.866Z",
"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"shortName": "TR-CERT"
},
"references": [
{
"tags": [
"government-resource",
"broken-link"
],
"url": "https://www.usom.gov.tr/bildirim/tr-25-0464"
},
{
"tags": [
"government-resource"
],
"url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-25-0464"
}
],
"source": {
"advisory": "TR-25-0464",
"defect": [
"TR-25-0464"
],
"discovery": "UNKNOWN"
},
"title": "IDOR in GG Soft\u0027s PaperWork",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"assignerShortName": "TR-CERT",
"cveId": "CVE-2025-14101",
"datePublished": "2025-12-17T09:11:33.139Z",
"dateReserved": "2025-12-05T13:53:58.531Z",
"dateUpdated": "2026-06-04T06:28:35.866Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-14033 (GCVE-0-2025-14033)
Vulnerability from cvelistv5 – Published: 2026-05-13 05:29 – Updated: 2026-05-13 10:20- CWE-639 - Authorization Bypass Through User-Controlled Key
| Vendor | Product | Version | |
|---|---|---|---|
| ghera74 | ilGhera Support System for WooCommerce |
Affected:
0 , ≤ 1.3.0
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-14033",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-13T10:06:16.530436Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-13T10:20:56.843Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ilGhera Support System for WooCommerce",
"vendor": "ghera74",
"versions": [
{
"lessThanOrEqual": "1.3.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Md. Moniruzzaman Prodhan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The ilGhera Support System for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the \u0027get_ticket_content_callback\u0027 function in all versions up to, and including, 1.3.0. This makes it possible for unauthenticated attackers to view any support ticket content, including sensitive customer information and private communications, by providing a ticket ID."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-13T05:29:36.689Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/40ceea17-ec60-4775-8495-e2f7643d1b7c?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wc-support-system/trunk/includes/class-wc-support-system.php#L68"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wc-support-system/tags/1.2.6/includes/class-wc-support-system.php#L68"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wc-support-system/trunk/includes/class-wc-support-system.php#L643"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wc-support-system/tags/1.2.6/includes/class-wc-support-system.php#L643"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wc-support-system/tags/1.3.1/includes/class-wc-support-system.php#L780"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-12T18:27:32.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2026-05-12T17:11:52.000Z",
"value": "Disclosed"
}
],
"title": "ilGhera Support System for WooCommerce \u003c= 1.3.0 - Missing Authorization to Unauthenticated Sensitive Information Exposure"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-14033",
"datePublished": "2026-05-13T05:29:36.689Z",
"dateReserved": "2025-12-04T14:59:13.237Z",
"dateUpdated": "2026-05-13T10:20:56.843Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation
For each and every data access, ensure that the user has sufficient privilege to access the record that is being requested.
Mitigation
Make sure that the key that is used in the lookup of a specific user's record is not controllable externally by the user or that any tampering can be detected.
Mitigation
Use encryption in order to make it more difficult to guess other legitimate values of the key or associate a digital signature with the key so that the server can verify that there has been no tampering.
No CAPEC attack patterns related to this CWE.