Common Weakness Enumeration

CWE-863

Allowed-with-Review

Incorrect Authorization

Abstraction: Class · Status: Incomplete

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

5541 vulnerabilities reference this CWE, most recent first.

CVE-2025-6003 (GCVE-0-2025-6003)

Vulnerability from cvelistv5 – Published: 2025-06-12 08:22 – Updated: 2026-04-08 16:52
VLAI
Title
WordPress Single Sign-On (SSO) - Multiple Versions - Incorrect Authorization to Sensitive Information Exposure
Summary
The WordPress Single Sign-On (SSO) plugin for WordPress is vulnerable to unauthorized access due to a misconfigured capability check on a function in all versions up to, and including, the *.5.3 versions of the plugin. This makes it possible for unauthenticated attackers to extract sensitive data including site content that has been restricted to certain users and/or roles.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-863 - Incorrect Authorization
Assigner
Credits
Israël Hallé
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-6003",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-12T13:55:23.738209Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-12T13:55:38.251Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "WordPress Single Sign-On (SSO) - Single Site Standard",
          "vendor": "cyberlord92",
          "versions": [
            {
              "lessThanOrEqual": "18.5.3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "WordPress Single Sign-On (SSO) - Single Site Premium",
          "vendor": "cyberlord92",
          "versions": [
            {
              "lessThanOrEqual": "28.5.3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "WordPress Single Sign-On (SSO) - Multisite Premium",
          "vendor": "cyberlord92",
          "versions": [
            {
              "lessThanOrEqual": "30.5.3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "WordPress Single Sign-On (SSO) - Single Site Enterprise",
          "vendor": "cyberlord92",
          "versions": [
            {
              "lessThanOrEqual": "38.5.3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "WordPress Single Sign-On (SSO) - Multisite Enterprise",
          "vendor": "cyberlord92",
          "versions": [
            {
              "lessThanOrEqual": "40.5.3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "WordPress Single Sign-On (SSO) - Single Site All-Inclusive",
          "vendor": "cyberlord92",
          "versions": [
            {
              "lessThanOrEqual": "48.5.3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "WordPress Single Sign-On (SSO) - Multisite All-Inclusive",
          "vendor": "cyberlord92",
          "versions": [
            {
              "lessThanOrEqual": "50.5.3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Isra\u00ebl Hall\u00e9"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The WordPress Single Sign-On (SSO) plugin for WordPress is vulnerable to unauthorized access due to a misconfigured capability check on a function in all versions up to, and including, the *.5.3 versions of the plugin. This makes it possible for unauthenticated attackers to extract sensitive data including site content that has been restricted to certain users and/or roles."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "CWE-863 Incorrect Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-08T16:52:35.712Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/51aa5531-e5b3-4c47-8d06-58eac6dd92fb?source=cve"
        },
        {
          "url": "https://plugins.miniorange.com/wordpress-sso"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-02-13T00:00:00.000Z",
          "value": "Vendor Notified"
        },
        {
          "lang": "en",
          "time": "2025-06-11T19:22:27.000Z",
          "value": "Disclosed"
        }
      ],
      "title": "WordPress Single Sign-On (SSO) - Multiple Versions - Incorrect Authorization to Sensitive Information Exposure"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2025-6003",
    "datePublished": "2025-06-12T08:22:43.767Z",
    "dateReserved": "2025-06-11T17:58:46.446Z",
    "dateUpdated": "2026-04-08T16:52:35.712Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-5822 (GCVE-0-2025-5822)

Vulnerability from cvelistv5 – Published: 2025-06-25 18:00 – Updated: 2025-06-26 13:18
VLAI
Title
Autel MaxiCharger AC Wallbox Commercial Technician API Incorrect Authorization Privilege Escalation Vulnerability
Summary
Autel MaxiCharger AC Wallbox Commercial Technician API Incorrect Authorization Privilege Escalation Vulnerability. This vulnerability allows remote attackers to escalate privileges on affected installations of Autel MaxiCharger AC Wallbox Commercial charging stations. An attacker must first obtain a low-privileged authorization token in order to exploit this vulnerability. The specific flaw exists within the implementation of the Autel Technician API. The issue results from incorrect authorization. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. Was ZDI-CAN-26325.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-863 - Incorrect Authorization
Assigner
zdi
References
Impacted products
Date Public
2025-06-11 17:26
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-5822",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-26T13:17:58.707658Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-26T13:18:05.218Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Autel MaxiCharger AC Wallbox Commercial",
          "vendor": "Autel",
          "versions": [
            {
              "status": "affected",
              "version": "1.36.00"
            }
          ]
        }
      ],
      "dateAssigned": "2025-06-06T19:16:34.709Z",
      "datePublic": "2025-06-11T17:26:56.849Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Autel MaxiCharger AC Wallbox Commercial Technician API Incorrect Authorization Privilege Escalation Vulnerability. This vulnerability allows remote attackers to escalate privileges on affected installations of Autel MaxiCharger AC Wallbox Commercial charging stations. An attacker must first obtain a low-privileged authorization token in order to exploit this vulnerability.\n\nThe specific flaw exists within the implementation of the Autel Technician API. The issue results from incorrect authorization. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. Was ZDI-CAN-26325."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
            "version": "3.0"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "CWE-863: Incorrect Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-25T18:00:49.179Z",
        "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "shortName": "zdi"
      },
      "references": [
        {
          "name": "ZDI-25-340",
          "tags": [
            "x_research-advisory"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-340/"
        }
      ],
      "source": {
        "lang": "en",
        "value": "Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam)"
      },
      "title": "Autel MaxiCharger AC Wallbox Commercial Technician API Incorrect Authorization Privilege Escalation Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
    "assignerShortName": "zdi",
    "cveId": "CVE-2025-5822",
    "datePublished": "2025-06-25T18:00:49.179Z",
    "dateReserved": "2025-06-06T19:16:34.664Z",
    "dateUpdated": "2025-06-26T13:18:05.218Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-5187 (GCVE-0-2025-5187)

Vulnerability from cvelistv5 – Published: 2025-08-27 16:20 – Updated: 2026-02-26 17:47
VLAI
Title
Nodes can delete themselves by adding an OwnerReference
Summary
A vulnerability exists in the NodeRestriction admission controller in Kubernetes clusters where node users can delete their corresponding node object by patching themselves with an OwnerReference to a cluster-scoped resource. If the OwnerReference resource does not exist or is subsequently deleted, the given node object will be deleted via garbage collection.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-863 - Incorrect Authorization
Assigner
Impacted products
Vendor Product Version
Kubernetes Kubernetes Affected: v1.31.0 , ≤ v1.31.11 (custom)
Affected: v1.32.0 , ≤ v1.32.7 (custom)
Affected: v1.33.0 , ≤ v1.33.3 (custom)
Create a notification for this product.
Date Public
2025-08-13 20:00
Credits
Paul Viossat
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-5187",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-28T03:55:27.614711Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T17:47:59.242Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Kubernetes",
          "vendor": "Kubernetes",
          "versions": [
            {
              "lessThanOrEqual": "v1.31.11",
              "status": "affected",
              "version": "v1.31.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "v1.32.7",
              "status": "affected",
              "version": "v1.32.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "v1.33.3",
              "status": "affected",
              "version": "v1.33.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Paul Viossat"
        }
      ],
      "datePublic": "2025-08-13T20:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A vulnerability exists in the NodeRestriction admission controller in Kubernetes clusters where node users can delete their corresponding node object by patching themselves with an OwnerReference to a cluster-scoped resource. If the OwnerReference resource does not exist or is subsequently deleted, the given node object will be deleted via garbage collection."
            }
          ],
          "value": "A vulnerability exists in the NodeRestriction admission controller in Kubernetes clusters where node users can delete their corresponding node object by patching themselves with an OwnerReference to a cluster-scoped resource. If the OwnerReference resource does not exist or is subsequently deleted, the given node object will be deleted via garbage collection."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-554",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-554 Functionality Bypass"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "CWE-863 Incorrect Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-27T16:20:56.778Z",
        "orgId": "a6081bf6-c852-4425-ad4f-a67919267565",
        "shortName": "kubernetes"
      },
      "references": [
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://github.com/kubernetes/kubernetes/issues/133471"
        },
        {
          "tags": [
            "mailing-list"
          ],
          "url": "https://groups.google.com/g/kubernetes-security-announce/c/znSNY7XCztE"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "To mitigate this vulnerability, upgrade Kubernetes:  \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://kubernetes.io/docs/tasks/administer-cluster/cluster-upgrade/\"\u003ehttps://kubernetes.io/docs/tasks/administer-cluster/cluster-upgrade/\u003c/a\u003e\u003cbr\u003e"
            }
          ],
          "value": "To mitigate this vulnerability, upgrade Kubernetes:   https://kubernetes.io/docs/tasks/administer-cluster/cluster-upgrade/"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "Nodes can delete themselves by adding an OwnerReference",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565",
    "assignerShortName": "kubernetes",
    "cveId": "CVE-2025-5187",
    "datePublished": "2025-08-27T16:20:56.778Z",
    "dateReserved": "2025-05-25T18:24:14.173Z",
    "dateUpdated": "2026-02-26T17:47:59.242Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-5071 (GCVE-0-2025-5071)

Vulnerability from cvelistv5 – Published: 2025-06-19 09:23 – Updated: 2025-06-20 13:11
VLAI
Title
AI Engine 2.8.0 - 2.8.3 - Authenticated (Subscriber+) Insufficient Authorization to Privilege Escalation via MCP
Summary
The AI Engine plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'Meow_MWAI_Labs_MCP::can_access_mcp' function in versions 2.8.0 to 2.8.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to have full access to the MCP and run various commands like 'wp_create_user', 'wp_update_user' and 'wp_update_option', which can be used for privilege escalation, and 'wp_update_post', 'wp_delete_post', 'wp_update_comment' and 'wp_delete_comment', which can be used to edit and delete posts and comments.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-863 - Incorrect Authorization
Assigner
Impacted products
Vendor Product Version
tigroumeow AI Engine Affected: 2.8.0 , ≤ 2.8.3 (semver)
Create a notification for this product.
Credits
István Márton
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-5071",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-20T12:49:14.799564Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-20T13:11:34.092Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "AI Engine",
          "vendor": "tigroumeow",
          "versions": [
            {
              "lessThanOrEqual": "2.8.3",
              "status": "affected",
              "version": "2.8.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Istv\u00e1n M\u00e1rton"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The AI Engine plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the \u0027Meow_MWAI_Labs_MCP::can_access_mcp\u0027 function in versions 2.8.0 to 2.8.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to have full access to the MCP and run various commands like \u0027wp_create_user\u0027, \u0027wp_update_user\u0027 and \u0027wp_update_option\u0027, which can be used for privilege escalation, and \u0027wp_update_post\u0027, \u0027wp_delete_post\u0027, \u0027wp_update_comment\u0027 and \u0027wp_delete_comment\u0027, which can be used to edit and delete posts and comments."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "CWE-863 Incorrect Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-19T09:23:47.875Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0e7654a1-0020-4bf1-86be-bdb238a9fe0d?source=cve"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/ai-engine/tags/2.8.1/labs/mcp.php#L43"
        },
        {
          "url": "https://plugins.trac.wordpress.org/changeset/3313554/ai-engine#file21"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-05-21T00:00:00.000Z",
          "value": "Discovered"
        },
        {
          "lang": "en",
          "time": "2025-05-21T00:00:00.000Z",
          "value": "Vendor Notified"
        },
        {
          "lang": "en",
          "time": "2025-06-18T00:00:00.000Z",
          "value": "Disclosed"
        }
      ],
      "title": "AI Engine 2.8.0 - 2.8.3 - Authenticated (Subscriber+) Insufficient Authorization to Privilege Escalation via MCP"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2025-5071",
    "datePublished": "2025-06-19T09:23:47.875Z",
    "dateReserved": "2025-05-21T22:04:13.168Z",
    "dateUpdated": "2025-06-20T13:11:34.092Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-4975 (GCVE-0-2025-4975)

Vulnerability from cvelistv5 – Published: 2025-05-22 21:17 – Updated: 2025-10-08 09:37
VLAI
Title
Tapo privilege escalation on shared devices using notifications
Summary
When a notification relating to low battery appears for a user with whom the device has been shared, tapping the notification grants full access to the power settings of that device.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-863 - Incorrect Authorization
Assigner
Impacted products
Vendor Product Version
TP-Link Systems Inc. TP-Link Tapo app Affected: 0 , < 3.10.513 (3.10.513)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-4975",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-23T14:26:25.678883Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-23T14:27:40.507Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "platforms": [
            "Android"
          ],
          "product": "TP-Link Tapo app",
          "vendor": "TP-Link Systems Inc.",
          "versions": [
            {
              "lessThan": "3.10.513",
              "status": "affected",
              "version": "0",
              "versionType": "3.10.513"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "When a notification relating to low battery appears for a user with whom the device has been shared, tapping the notification grants full access to the power settings of that device."
            }
          ],
          "value": "When a notification relating to low battery appears for a user with whom the device has been shared, tapping the notification grants full access to the power settings of that device."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233 Privilege Escalation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "LOW",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "CWE-863 Incorrect Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-08T09:37:20.297Z",
        "orgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
        "shortName": "TPLink"
      },
      "references": [
        {
          "url": "https://www.tp-link.com/us/support/faq/4464/"
        },
        {
          "url": "https://play.google.com/store/apps/details?id=com.tplink.iot\u0026hl=en_US"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Tapo privilege escalation on shared devices using notifications",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
    "assignerShortName": "TPLink",
    "cveId": "CVE-2025-4975",
    "datePublished": "2025-05-22T21:17:52.691Z",
    "dateReserved": "2025-05-20T02:56:36.381Z",
    "dateUpdated": "2025-10-08T09:37:20.297Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-4972 (GCVE-0-2025-4972)

Vulnerability from cvelistv5 – Published: 2025-07-10 08:30 – Updated: 2025-07-10 20:11
VLAI
Title
Incorrect Authorization in GitLab
Summary
An issue has been discovered in GitLab EE affecting all versions from 18.0 before 18.0.4 and 18.1 before 18.1.2 that could have allowed authenticated users with invitation privileges to bypass group-level user invitation restrictions by manipulating group invitation functionality.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-863 - Incorrect Authorization
Assigner
References
URL Tags
https://gitlab.com/gitlab-org/gitlab/-/issues/543816 issue-trackingpermissions-required
https://hackerone.com/reports/3148693 technical-descriptionexploitpermissions-required
Impacted products
Vendor Product Version
GitLab GitLab Affected: 18.0 , < 18.0.4 (semver)
Affected: 18.1 , < 18.1.2 (semver)
    cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
Thanks [mateuszek](https://hackerone.com/mateuszek) for reporting this vulnerability through our HackerOne bug bounty program
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-4972",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-10T20:08:31.332460Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-10T20:11:10.748Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "GitLab",
          "repo": "git://git@gitlab.com:gitlab-org/gitlab.git",
          "vendor": "GitLab",
          "versions": [
            {
              "lessThan": "18.0.4",
              "status": "affected",
              "version": "18.0",
              "versionType": "semver"
            },
            {
              "lessThan": "18.1.2",
              "status": "affected",
              "version": "18.1",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Thanks [mateuszek](https://hackerone.com/mateuszek) for reporting this vulnerability through our HackerOne bug bounty program"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue has been discovered in GitLab EE affecting all versions from 18.0 before 18.0.4 and 18.1 before 18.1.2 that could have allowed authenticated users with invitation privileges to bypass group-level user invitation restrictions by manipulating group invitation functionality."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 2.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "CWE-863: Incorrect Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-10T08:30:59.709Z",
        "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "shortName": "GitLab"
      },
      "references": [
        {
          "name": "GitLab Issue #543816",
          "tags": [
            "issue-tracking",
            "permissions-required"
          ],
          "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/543816"
        },
        {
          "name": "HackerOne Bug Bounty Report #3148693",
          "tags": [
            "technical-description",
            "exploit",
            "permissions-required"
          ],
          "url": "https://hackerone.com/reports/3148693"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to versions 18.0.4, 18.1.2 or above."
        }
      ],
      "title": "Incorrect Authorization in GitLab"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
    "assignerShortName": "GitLab",
    "cveId": "CVE-2025-4972",
    "datePublished": "2025-07-10T08:30:59.709Z",
    "dateReserved": "2025-05-19T23:30:54.709Z",
    "dateUpdated": "2025-07-10T20:11:10.748Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-4960 (GCVE-0-2025-4960)

Vulnerability from cvelistv5 – Published: 2026-02-19 01:37 – Updated: 2026-02-24 01:47
VLAI
Title
macOS Local Privilege Escalation via Improper Authorization Handling in EPSON Printer Controller Installer
Summary
The com.epson.InstallNavi.helper tool, deployed with the EPSON printer driver installer, contains a local privilege escalation vulnerability due to multiple flaws in its implementation. It fails to properly authenticate clients over the XPC protocol and does not correctly enforce macOS’s authorization model, exposing privileged functionality to untrusted users. Although it invokes the AuthorizationCopyRights API, it does so using overly permissive custom rights that it registers in the system’s authorization database (/var/db/auth.db). These rights can be requested and granted by the authorization daemon to any local user, regardless of privilege level. As a result, an attacker can exploit the vulnerable service to perform privileged operations such as executing arbitrary commands or installing system components without requiring administrative credentials.
SSVC
Exploitation: poc Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-863 - Incorrect Authorization
Assigner
Impacted products
Vendor Product Version
EPSON EPSON Printer Controller Installer Affected: 0 , ≤ 1.0.0 (semver)
Create a notification for this product.
Date Public
2026-02-19 01:32
Credits
Carlos Garrido of Pentraze Cybersecurity
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-4960",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-24T01:46:54.984973Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-24T01:47:09.720Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://epson.com.do/Soporte/Impresoras/Impresoras-multifuncionales/sh/s100",
          "defaultStatus": "unaffected",
          "packageName": "com.epson.InstallNavi.helper",
          "platforms": [
            "MacOS"
          ],
          "product": "EPSON Printer Controller Installer",
          "vendor": "EPSON",
          "versions": [
            {
              "lessThanOrEqual": "1.0.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:epson:epson_printer_controller_installer:*:*:*:*:*:*:*:0",
                  "versionEndIncluding": "1.0.0",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Carlos Garrido of Pentraze Cybersecurity"
        }
      ],
      "datePublic": "2026-02-19T01:32:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThe \u003ccode\u003ecom.epson.InstallNavi.helper\u003c/code\u003e tool, deployed with the EPSON printer driver installer, contains a local privilege escalation vulnerability due to multiple flaws in its implementation. It fails to properly authenticate clients over the XPC protocol and does not correctly enforce macOS\u2019s authorization model, exposing privileged functionality to untrusted users. Although it invokes the \u003ccode\u003eAuthorizationCopyRights\u003c/code\u003e API, it does so using overly permissive custom rights that it registers in the system\u2019s authorization database (\u003ccode\u003e/var/db/auth.db\u003c/code\u003e).\u003c/p\u003e\n\u003cp\u003eThese rights can be requested and granted by the authorization daemon to any local user, regardless of privilege level. As a result, an attacker can exploit the vulnerable service to perform privileged operations such as executing arbitrary commands or installing system components without requiring administrative credentials.\u003c/p\u003e"
            }
          ],
          "value": "The com.epson.InstallNavi.helper tool, deployed with the EPSON printer driver installer, contains a local privilege escalation vulnerability due to multiple flaws in its implementation. It fails to properly authenticate clients over the XPC protocol and does not correctly enforce macOS\u2019s authorization model, exposing privileged functionality to untrusted users. Although it invokes the AuthorizationCopyRights API, it does so using overly permissive custom rights that it registers in the system\u2019s authorization database (/var/db/auth.db).\n\n\nThese rights can be requested and granted by the authorization daemon to any local user, regardless of privilege level. As a result, an attacker can exploit the vulnerable service to perform privileged operations such as executing arbitrary commands or installing system components without requiring administrative credentials."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233 Privilege Escalation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "CWE-863 Incorrect Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-19T01:37:22.018Z",
        "orgId": "41c37e40-543d-43a2-b660-2fee83ea851a",
        "shortName": "Pentraze"
      },
      "references": [
        {
          "url": "https://pentraze.com/vulnerability-reports/cve-2025-4960/"
        },
        {
          "url": "https://pentraze.com/vulnerability-reports/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "macOS Local Privilege Escalation via Improper Authorization Handling in EPSON Printer Controller Installer",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "41c37e40-543d-43a2-b660-2fee83ea851a",
    "assignerShortName": "Pentraze",
    "cveId": "CVE-2025-4960",
    "datePublished": "2026-02-19T01:37:22.018Z",
    "dateReserved": "2025-05-19T17:26:58.497Z",
    "dateUpdated": "2026-02-24T01:47:09.720Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-4646 (GCVE-0-2025-4646)

Vulnerability from cvelistv5 – Published: 2025-05-13 09:17 – Updated: 2025-10-08 10:00
VLAI
Title
A high privilege user is able to create and use a valid admin API token in centreon-web
Summary
Incorrect Authorization vulnerability in Centreon web (API Token creation form modules) allows Privilege Escalation.This issue affects web: from 24.04.0 before 24.04.10, from 24.10.0 before 24.10.4.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-863 - Incorrect Authorization
Assigner
References
Impacted products
Vendor Product Version
Centreon web Affected: 24.04.0 , < 24.04.10 (semver)
Affected: 24.10.0 , < 24.10.4 (semver)
Create a notification for this product.
Date Public
2025-03-10 10:00
Credits
Floerer from YesWeHack
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-4646",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-13T13:08:49.597644Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-13T13:09:27.301Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "web",
          "vendor": "Centreon",
          "versions": [
            {
              "lessThan": "24.04.10",
              "status": "affected",
              "version": "24.04.0",
              "versionType": "semver"
            },
            {
              "lessThan": "24.10.4",
              "status": "affected",
              "version": "24.10.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Floerer from YesWeHack"
        }
      ],
      "datePublic": "2025-03-10T10:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Incorrect Authorization vulnerability in Centreon web (API Token creation form modules) allows Privilege Escalation.\u003cp\u003eThis issue affects web: from 24.04.0 before 24.04.10, from 24.10.0 before 24.10.4.\u003c/p\u003e"
            }
          ],
          "value": "Incorrect Authorization vulnerability in Centreon web (API Token creation form modules) allows Privilege Escalation.This issue affects web: from 24.04.0 before 24.04.10, from 24.10.0 before 24.10.4."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233 Privilege Escalation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "CWE-863 Incorrect Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-08T10:00:43.607Z",
        "orgId": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7",
        "shortName": "Centreon"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2024-55572-centreon-web-high-severity-4460"
        },
        {
          "tags": [
            "release-notes"
          ],
          "url": "https://github.com/centreon/centreon/releases"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "A high privilege user is able to create and use a valid admin API token in centreon-web",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7",
    "assignerShortName": "Centreon",
    "cveId": "CVE-2025-4646",
    "datePublished": "2025-05-13T09:17:35.146Z",
    "dateReserved": "2025-05-13T08:17:11.709Z",
    "dateUpdated": "2025-10-08T10:00:43.607Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-4128 (GCVE-0-2025-4128)

Vulnerability from cvelistv5 – Published: 2025-06-11 10:25 – Updated: 2025-06-11 13:12
VLAI
Title
Mattermost Guest User Information Disclosure Vulnerability
Summary
Mattermost versions 10.5.x <= 10.5.4, 9.11.x <= 9.11.13 fail to properly restrict API access to team information, allowing guest users to bypass permissions and view information about public teams they are not members of via a direct API call to /api/v4/teams/{team_id}.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-863 - Incorrect Authorization
Assigner
References
Impacted products
Vendor Product Version
Mattermost Mattermost Affected: 10.5.0 , ≤ 10.5.4 (semver)
Affected: 9.11.0 , ≤ 9.11.13 (semver)
Unaffected: 10.8.0
Unaffected: 10.5.5
Unaffected: 9.11.14
Create a notification for this product.
Credits
hackit_bharat
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-4128",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-11T13:12:34.593975Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-11T13:12:40.338Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Mattermost",
          "vendor": "Mattermost",
          "versions": [
            {
              "lessThanOrEqual": "10.5.4",
              "status": "affected",
              "version": "10.5.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "9.11.13",
              "status": "affected",
              "version": "9.11.0",
              "versionType": "semver"
            },
            {
              "status": "unaffected",
              "version": "10.8.0"
            },
            {
              "status": "unaffected",
              "version": "10.5.5"
            },
            {
              "status": "unaffected",
              "version": "9.11.14"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "hackit_bharat"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Mattermost versions 10.5.x \u003c= 10.5.4, 9.11.x \u003c= 9.11.13 fail to properly restrict API access to team information, allowing guest users to bypass permissions and view information about public teams they are not members of via a direct API call to /api/v4/teams/{team_id}."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "CWE-863: Incorrect Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-11T10:25:04.917Z",
        "orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
        "shortName": "Mattermost"
      },
      "references": [
        {
          "url": "https://mattermost.com/security-updates"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Update Mattermost to versions 10.8.0, 10.5.5, 9.11.14 or higher."
        }
      ],
      "source": {
        "advisory": "MMSA-2025-00468",
        "defect": [
          "https://mattermost.atlassian.net/browse/MM-63790"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Mattermost Guest User Information Disclosure Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
    "assignerShortName": "Mattermost",
    "cveId": "CVE-2025-4128",
    "datePublished": "2025-06-11T10:25:04.917Z",
    "dateReserved": "2025-04-30T07:45:45.749Z",
    "dateUpdated": "2025-06-11T13:12:40.338Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-4101 (GCVE-0-2025-4101)

Vulnerability from cvelistv5 – Published: 2025-05-17 12:22 – Updated: 2026-04-08 16:55
VLAI
Title
MultiVendorX – WooCommerce Multivendor Marketplace Solutions <= 4.2.22 - Incorrect Authorization to Authenticated (Contributor+) Arbitrary Post Deletion
Summary
The MultiVendorX – WooCommerce Multivendor Marketplace Solutions plugin for WordPress is vulnerable to unauthorized loss of data due to a misconfigured capability check on the 'delete_fpm_product' function in all versions up to, and including, 4.2.22. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete arbitrary posts, pages, attachments, and products. The vulnerability was partially patched in version 4.2.22.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-863 - Incorrect Authorization
Assigner
Impacted products
Credits
Brian Sans-Souci
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-4101",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-19T14:49:33.654965Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-19T14:49:42.304Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "MultiVendorX \u2013 WooCommerce Multivendor Marketplace Solutions",
          "vendor": "wcmp",
          "versions": [
            {
              "lessThanOrEqual": "4.2.22",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Brian Sans-Souci"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The MultiVendorX \u2013 WooCommerce Multivendor Marketplace Solutions plugin for WordPress is vulnerable to unauthorized loss of data due to a misconfigured capability check on the \u0027delete_fpm_product\u0027 function in all versions up to, and including, 4.2.22. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete arbitrary posts, pages, attachments, and products. The vulnerability was partially patched in version 4.2.22."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "CWE-863 Incorrect Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-08T16:55:32.506Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5c1fd517-32ee-429d-9026-512afe117dc5?source=cve"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/dc-woocommerce-multi-vendor/trunk/classes/class-mvx-ajax.php#L982"
        },
        {
          "url": "https://plugins.trac.wordpress.org/changeset/3293832/dc-woocommerce-multi-vendor/trunk/classes/class-mvx-ajax.php?old=3272848\u0026old_path=dc-woocommerce-multi-vendor%2Ftrunk%2Fclasses%2Fclass-mvx-ajax.php"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-05-16T00:00:00.000Z",
          "value": "Disclosed"
        }
      ],
      "title": "MultiVendorX \u2013 WooCommerce Multivendor Marketplace Solutions \u003c= 4.2.22 - Incorrect Authorization to Authenticated (Contributor+) Arbitrary Post Deletion"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2025-4101",
    "datePublished": "2025-05-17T12:22:42.688Z",
    "dateReserved": "2025-04-29T18:54:24.866Z",
    "dateUpdated": "2026-04-08T16:55:32.506Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Mitigation
Architecture and Design
  • Divide the product into anonymous, normal, privileged, and administrative areas. Reduce the attack surface by carefully mapping roles with data and functionality. Use role-based access control (RBAC) [REF-229] to enforce the roles at the appropriate boundaries.
  • Note that this approach may not protect against horizontal authorization, i.e., it will not protect a user from attacking others with the same role.
Mitigation
Architecture and Design

Ensure that access control checks are performed related to the business logic. These checks may be different than the access control checks that are applied to more generic resources such as files, connections, processes, memory, and database records. For example, a database may restrict access for medical records to a specific database user, but each record might only be intended to be accessible to the patient and the patient's doctor [REF-7].

Mitigation MIT-4.4
Architecture and Design

Strategy: Libraries or Frameworks

  • Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
  • For example, consider using authorization frameworks such as the JAAS Authorization Framework [REF-233] and the OWASP ESAPI Access Control feature [REF-45].
Mitigation
Architecture and Design
  • For web applications, make sure that the access control mechanism is enforced correctly at the server side on every page. Users should not be able to access any unauthorized functionality or information by simply requesting direct access to that page.
  • One way to do this is to ensure that all pages containing sensitive information are not cached, and that all such pages restrict access to requests that are accompanied by an active and authenticated session token associated with a user who has the required permissions to access that page.
Mitigation
System Configuration Installation

Use the access control capabilities of your operating system and server environment and define your access control lists accordingly. Use a "default deny" policy when defining these ACLs.

No CAPEC attack patterns related to this CWE.