CWE-749
AllowedExposed Dangerous Method or Function
Abstraction: Base · Status: Incomplete
The product provides an Applications Programming Interface (API) or similar interface for interaction with external actors, but the interface includes a dangerous method or function that is not properly restricted.
304 vulnerabilities reference this CWE, most recent first.
GHSA-9VR4-Q3CH-RJ27
Vulnerability from github – Published: 2023-12-01 00:31 – Updated: 2023-12-01 00:31In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an unauthenticated attacker to execute arbitrary code through a single UDP packet.
{
"affected": [],
"aliases": [
"CVE-2023-39226"
],
"database_specific": {
"cwe_ids": [
"CWE-749"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-11-30T22:15:07Z",
"severity": "CRITICAL"
},
"details": "In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an unauthenticated attacker to execute arbitrary code through a single UDP packet.",
"id": "GHSA-9vr4-q3ch-rj27",
"modified": "2023-12-01T00:31:00Z",
"published": "2023-12-01T00:31:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39226"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-331-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9WJM-RM4C-RJ9X
Vulnerability from github – Published: 2024-05-03 03:31 – Updated: 2024-05-03 03:31Voltronic Power ViewPower updateManagerPassword Exposed Dangerous Method Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Voltronic Power ViewPower. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the updateManagerPassword method. The issue results from the exposure of a dangerous function. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-22010.
{
"affected": [],
"aliases": [
"CVE-2023-51574"
],
"database_specific": {
"cwe_ids": [
"CWE-749"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-03T03:16:16Z",
"severity": "CRITICAL"
},
"details": "Voltronic Power ViewPower updateManagerPassword Exposed Dangerous Method Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Voltronic Power ViewPower. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the updateManagerPassword method. The issue results from the exposure of a dangerous function. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-22010.",
"id": "GHSA-9wjm-rm4c-rj9x",
"modified": "2024-05-03T03:31:07Z",
"published": "2024-05-03T03:31:07Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-51574"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1880"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-C2C7-3M88-9JM2
Vulnerability from github – Published: 2024-04-12 15:37 – Updated: 2024-04-12 15:37IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.2 could allow a privileged user to install a potentially dangerous tar file, which could give them access to subsequent systems where the package was installed. IBM X-Force ID: 283986.
{
"affected": [],
"aliases": [
"CVE-2024-27261"
],
"database_specific": {
"cwe_ids": [
"CWE-749"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-12T13:15:15Z",
"severity": "MODERATE"
},
"details": "IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.2 could allow a privileged user to install a potentially dangerous tar file, which could give them access to subsequent systems where the package was installed. IBM X-Force ID: 283986.",
"id": "GHSA-c2c7-3m88-9jm2",
"modified": "2024-04-12T15:37:19Z",
"published": "2024-04-12T15:37:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27261"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/283986"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7148023"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-C43P-C7JP-97PV
Vulnerability from github – Published: 2025-11-04 06:31 – Updated: 2025-11-04 06:31Memory corruption while processing request sent from GVM.
{
"affected": [],
"aliases": [
"CVE-2025-47353"
],
"database_specific": {
"cwe_ids": [
"CWE-749"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-11-04T04:15:38Z",
"severity": "HIGH"
},
"details": "Memory corruption while processing request sent from GVM.",
"id": "GHSA-c43p-c7jp-97pv",
"modified": "2025-11-04T06:31:11Z",
"published": "2025-11-04T06:31:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47353"
},
{
"type": "WEB",
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/november-2025-bulletin.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-C588-WGHG-39Q4
Vulnerability from github – Published: 2025-05-13 03:31 – Updated: 2025-05-13 03:31SAP S/4 HANA allows an authenticated attacker with user privileges to configure a field not intended for their access and create a custom UI layout displaying this field. On performing this step the attacker could gain access to highly sensitive information. This could cause a high impact on confidentiality and minimal impact on integrity and availability of the application.
{
"affected": [],
"aliases": [
"CVE-2025-43003"
],
"database_specific": {
"cwe_ids": [
"CWE-749"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-13T01:15:48Z",
"severity": "MODERATE"
},
"details": "SAP S/4 HANA allows an authenticated attacker with user privileges to configure a field not intended for their access and create a custom UI layout displaying this field. On performing this step the attacker could gain access to highly sensitive information. This could cause a high impact on confidentiality and minimal impact on integrity and availability of the application.",
"id": "GHSA-c588-wghg-39q4",
"modified": "2025-05-13T03:31:14Z",
"published": "2025-05-13T03:31:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-43003"
},
{
"type": "WEB",
"url": "https://me.sap.com/notes/3596033"
},
{
"type": "WEB",
"url": "https://url.sap/sapsecuritypatchday"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-C9H8-J583-W6WH
Vulnerability from github – Published: 2022-05-13 01:31 – Updated: 2025-05-22 21:30Medtronic MyCareLink Patient Monitor, 24950 MyCareLink Monitor, all versions, and 24952 MyCareLink Monitor, all versions, contains debug code meant to test the functionality of the monitor's communication interfaces, including the interface between the monitor and implantable cardiac device. An attacker with physical access to the device can apply the other vulnerabilities within this advisory to access this debug functionality. This debug functionality provides the ability to read and write arbitrary memory values to implantable cardiac devices via inductive or short range wireless protocols. An attacker with close physical proximity to a target implantable cardiac device can use this debug functionality.
{
"affected": [],
"aliases": [
"CVE-2018-8868"
],
"database_specific": {
"cwe_ids": [
"CWE-749"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-07-03T01:29:00Z",
"severity": "MODERATE"
},
"details": "Medtronic MyCareLink Patient Monitor, 24950 MyCareLink Monitor, all versions, and 24952 MyCareLink Monitor, all versions, contains debug code meant to test the functionality of the monitor\u0027s communication interfaces, including the interface between the monitor and implantable cardiac device. An attacker with physical access to the device can apply the other vulnerabilities within this advisory to access this debug functionality. This debug functionality provides the ability to read and write arbitrary memory values to implantable cardiac devices via inductive or short range wireless protocols. An attacker with close physical proximity to a target implantable cardiac device can use this debug functionality.",
"id": "GHSA-c9h8-j583-w6wh",
"modified": "2025-05-22T21:30:30Z",
"published": "2022-05-13T01:31:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8868"
},
{
"type": "WEB",
"url": "https://global.medtronic.com/xg-en/product-security/security-bulletins/mycarelink-6-28-18.html"
},
{
"type": "WEB",
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-179-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CJFR-9F5R-3Q93
Vulnerability from github – Published: 2025-01-14 15:24 – Updated: 2025-05-20 18:20Problem
A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstream components incorrectly accepted submissions via HTTP GET and did not enforce the appropriate HTTP method.
Successful exploitation of this vulnerability requires the victim to have an active session on the backend user interface and to be deceived into interacting with a malicious URL targeting the backend, which can occur under the following conditions:
- the user opens a malicious link, such as one sent via email.
- the user visits a compromised or manipulated website while the following settings are misconfigured:
security.backend.enforceReferrerfeature is disabled,BE/cookieSameSiteconfiguration is set tolaxornone
The vulnerability in the affected downstream component “Log Module” allows attackers to remove log entries.
Solution
Update to TYPO3 versions 11.5.42 ELTS, 12.4.25 LTS, 13.4.3 LTS that fix the problem described.
Credits
Thanks to Gabriel Dimitrov who reported this issue and to TYPO3 core and security members Benjamin Franzke, Oliver Hader, Andreas Kienast, Torben Hansen, Elias Häußler who fixed the issue.
References
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 10.4.47"
},
"package": {
"ecosystem": "Packagist",
"name": "typo3/cms-belog"
},
"ranges": [
{
"events": [
{
"introduced": "10.0.0"
},
{
"fixed": "10.4.48"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 11.5.41"
},
"package": {
"ecosystem": "Packagist",
"name": "typo3/cms-belog"
},
"ranges": [
{
"events": [
{
"introduced": "11.0.0"
},
{
"fixed": "11.5.42"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 12.4.24"
},
"package": {
"ecosystem": "Packagist",
"name": "typo3/cms-belog"
},
"ranges": [
{
"events": [
{
"introduced": "12.0.0"
},
{
"fixed": "12.4.25"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 13.4.2"
},
"package": {
"ecosystem": "Packagist",
"name": "typo3/cms-belog"
},
"ranges": [
{
"events": [
{
"introduced": "13.0.0"
},
{
"fixed": "13.4.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-55893"
],
"database_specific": {
"cwe_ids": [
"CWE-352",
"CWE-749"
],
"github_reviewed": true,
"github_reviewed_at": "2025-01-14T15:24:52Z",
"nvd_published_at": "2025-01-14T20:15:29Z",
"severity": "MODERATE"
},
"details": "### Problem\nA vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstream components incorrectly accepted submissions via HTTP GET and did not enforce the appropriate HTTP method.\n\nSuccessful exploitation of this vulnerability requires the victim to have an active session on the backend user interface and to be deceived into interacting with a malicious URL targeting the backend, which can occur under the following conditions:\n\n* the user opens a malicious link, such as one sent via email.\n* the user visits a compromised or manipulated website while the following settings are misconfigured:\n + `security.backend.enforceReferrer` feature is disabled,\n + `BE/cookieSameSite` configuration is set to `lax` or `none`\n\nThe vulnerability in the affected downstream component \u201cLog Module\u201d allows attackers to remove log entries.\n\n### Solution\nUpdate to TYPO3 versions 11.5.42 ELTS, 12.4.25 LTS, 13.4.3 LTS that fix the problem described.\n\n### Credits\nThanks to Gabriel Dimitrov who reported this issue and to TYPO3 core and security members Benjamin Franzke, Oliver Hader, Andreas Kienast, Torben Hansen, Elias H\u00e4u\u00dfler who fixed the issue.\n\n### References\n* [TYPO3-CORE-SA-2025-003](https://typo3.org/security/advisory/typo3-core-sa-2025-003)",
"id": "GHSA-cjfr-9f5r-3q93",
"modified": "2025-05-20T18:20:59Z",
"published": "2025-01-14T15:24:52Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-cjfr-9f5r-3q93"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-55893"
},
{
"type": "WEB",
"url": "https://github.com/TYPO3-CMS/belog/commit/0eb171fcc5863c74f4890af0c6b3ccecb7e30cce"
},
{
"type": "WEB",
"url": "https://github.com/TYPO3-CMS/belog/commit/db399b80d94bd174e6699eccaf3fac7772a898a9"
},
{
"type": "WEB",
"url": "https://github.com/TYPO3-CMS/belog/commit/ece08246dbcea416ff97d4cc013bf24fb622fe5f"
},
{
"type": "PACKAGE",
"url": "https://github.com/TYPO3-CMS/belog"
},
{
"type": "WEB",
"url": "https://typo3.org/security/advisory/typo3-core-sa-2025-003"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "TYPO3 Cross-Site Request Forgery in Log Module"
}
GHSA-CM46-GQF4-MV4F
Vulnerability from github – Published: 2024-11-12 19:56 – Updated: 2024-12-16 15:27Impact
This vulnerability is a method exposure issue (CWE-749: Exposed Dangerous Method or Function) in the Orchid Platform’s asynchronous modal functionality, affecting users of Orchid Platform version 8 through 14.42.x. Attackers could exploit this vulnerability to call arbitrary methods within the Screen class, leading to potential brute force of database tables, validation checks against user credentials, and disclosure of the server’s real IP address.
Patches
The issue has been patched in the latest release, version 14.43.0, released on November 6, 2024. Users should upgrade to version 14.43.0 or later to address this vulnerability.
Workarounds
If upgrading to version 14.43.0 is not immediately possible, you can mitigate the vulnerability by implementing middleware to intercept and validate requests to asynchronous modal endpoints, allowing only approved methods and parameters.
Example middleware:
namespace App\Http\Middleware;
use Closure;
use Illuminate\Http\Request;
use Symfony\Component\HttpFoundation\Response;
class PreventBruteForceOnAsyncRoute
{
/**
* Methods that are restricted from being invoked via the async route.
*/
protected array $restrictedMethods = [
'validate',
'handle',
'__invoke',
'validateWith',
'validateWithBag',
'callAction',
];
/**
* Handle an incoming request.
*/
public function handle(Request $request, Closure $next): Response
{
// Retrieve the current route from the request.
/** @var \Illuminate\Routing\Route|null $route */
$route = $request->route();
// Allow requests to routes other than "platform.async".
if ($route?->getName() !== 'platform.async') {
return $next($request);
}
// Block requests attempting to invoke any of the restricted methods.
if (in_array($route->parameter('method'), $this->restrictedMethods)) {
abort(503, sprintf(
'Access to the "%s" method is restricted.',
$route->parameter('method')
));
}
// Continue request processing for other cases.
return $next($request);
}
}
References
Acknowledgements
We would like to extend our sincere gratitude to Positive Technologies and researcher Vladislav Gladky for identifying the vulnerability and their significant contribution to enhancing the security of our platform. Their expertise and dedication play a crucial role in making Orchid more reliable and secure for all users.
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "orchid/platform"
},
"ranges": [
{
"events": [
{
"introduced": "8.0"
},
{
"fixed": "14.43.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-51992"
],
"database_specific": {
"cwe_ids": [
"CWE-749"
],
"github_reviewed": true,
"github_reviewed_at": "2024-11-12T19:56:54Z",
"nvd_published_at": "2024-11-11T20:15:19Z",
"severity": "MODERATE"
},
"details": "### Impact\nThis vulnerability is a method exposure issue (CWE-749: Exposed Dangerous Method or Function) in the Orchid Platform\u2019s asynchronous modal functionality, affecting users of Orchid Platform version 8 through 14.42.x. Attackers could exploit this vulnerability to call arbitrary methods within the `Screen` class, leading to potential brute force of database tables, validation checks against user credentials, and disclosure of the server\u2019s real IP address.\n\n### Patches\nThe issue has been patched in the latest release, version 14.43.0, released on November 6, 2024. Users should upgrade to version 14.43.0 or later to address this vulnerability.\n\n### Workarounds\nIf upgrading to version 14.43.0 is not immediately possible, you can mitigate the vulnerability by implementing middleware to intercept and validate requests to asynchronous modal endpoints, allowing only approved methods and parameters.\n\n\nExample middleware:\n\n```php\nnamespace App\\Http\\Middleware;\n\nuse Closure;\nuse Illuminate\\Http\\Request;\nuse Symfony\\Component\\HttpFoundation\\Response;\n\nclass PreventBruteForceOnAsyncRoute\n{\n /**\n * Methods that are restricted from being invoked via the async route.\n */\n protected array $restrictedMethods = [\n \u0027validate\u0027,\n \u0027handle\u0027,\n \u0027__invoke\u0027,\n \u0027validateWith\u0027,\n \u0027validateWithBag\u0027,\n \u0027callAction\u0027,\n ];\n\n /**\n * Handle an incoming request.\n */\n public function handle(Request $request, Closure $next): Response\n {\n // Retrieve the current route from the request.\n /** @var \\Illuminate\\Routing\\Route|null $route */\n $route = $request-\u003eroute();\n\n // Allow requests to routes other than \"platform.async\".\n if ($route?-\u003egetName() !== \u0027platform.async\u0027) {\n return $next($request);\n }\n\n // Block requests attempting to invoke any of the restricted methods.\n if (in_array($route-\u003eparameter(\u0027method\u0027), $this-\u003erestrictedMethods)) {\n abort(503, sprintf(\n \u0027Access to the \"%s\" method is restricted.\u0027,\n $route-\u003eparameter(\u0027method\u0027)\n ));\n }\n\n // Continue request processing for other cases.\n return $next($request);\n }\n}\n```\n\n### References\n- [CWE-749: Exposed Dangerous Method or Function](https://cwe.mitre.org/data/definitions/749.html)\n\n### Acknowledgements\n\nWe would like to extend our sincere gratitude to **Positive Technologies** and researcher **Vladislav Gladky** for identifying the vulnerability and their significant contribution to enhancing the security of our platform. Their expertise and dedication play a crucial role in making **Orchid** more reliable and secure for all users.\n",
"id": "GHSA-cm46-gqf4-mv4f",
"modified": "2024-12-16T15:27:59Z",
"published": "2024-11-12T19:56:54Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/orchidsoftware/platform/security/advisories/GHSA-cm46-gqf4-mv4f"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51992"
},
{
"type": "PACKAGE",
"url": "https://github.com/orchidsoftware/platform"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Orchid Platform has Method Exposure Vulnerability in Modals"
}
GHSA-CVPR-RM84-X4HJ
Vulnerability from github – Published: 2026-05-13 00:48 – Updated: 2026-05-13 00:48The installation of Fuji Tellus adds a driver to the kernel which grants all users read and write permissions.
{
"affected": [],
"aliases": [
"CVE-2026-8108"
],
"database_specific": {
"cwe_ids": [
"CWE-749"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-12T23:16:19Z",
"severity": "HIGH"
},
"details": "The installation of Fuji Tellus adds a driver to the kernel which grants all users read and write permissions.",
"id": "GHSA-cvpr-rm84-x4hj",
"modified": "2026-05-13T00:48:14Z",
"published": "2026-05-13T00:48:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8108"
},
{
"type": "WEB",
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-132-01.json"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-132-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CWRJ-XG8W-3XJ5
Vulnerability from github – Published: 2025-12-24 00:30 – Updated: 2025-12-24 00:30RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of RealDefense SUPERAntiSpyware. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the SAS Core Service. The issue results from an exposed dangerous function. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-27660.
{
"affected": [],
"aliases": [
"CVE-2025-14491"
],
"database_specific": {
"cwe_ids": [
"CWE-749"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-23T22:15:50Z",
"severity": "HIGH"
},
"details": "RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of RealDefense SUPERAntiSpyware. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\n\nThe specific flaw exists within the SAS Core Service. The issue results from an exposed dangerous function. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-27660.",
"id": "GHSA-cwrj-xg8w-3xj5",
"modified": "2025-12-24T00:30:15Z",
"published": "2025-12-24T00:30:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14491"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1164"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
If you must expose a method, make sure to perform input validation on all arguments, limit access to authorized parties, and protect against all possible vulnerabilities.
Mitigation
Strategy: Attack Surface Reduction
- Identify all exposed functionality. Explicitly list all functionality that must be exposed to some user or set of users. Identify which functionality may be:
- Ensure that the implemented code follows these expectations. This includes setting the appropriate access modifiers where applicable (public, private, protected, etc.) or not marking ActiveX controls safe-for-scripting.
- accessible to all users
- restricted to a small set of privileged users
- prevented from being directly accessible at all
CAPEC-500: WebView Injection
An adversary, through a previously installed malicious application, injects code into the context of a web page displayed by a WebView component. Through the injected code, an adversary is able to manipulate the DOM tree and cookies of the page, expose sensitive information, and can launch attacks against the web application from within the web page.