CWE-266
Incorrect Privilege Assignment
A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
CVE-2025-14503 (GCVE-0-2025-14503)
Vulnerability from cvelistv5 – Published: 2025-12-15 19:45 – Updated: 2026-02-26 16:07
VLAI
Title
Overly Permissive Trust Policy in Harmonix on AWS EKS
Summary
An overly-permissive IAM trust policy in the Harmonix on AWS framework may allow IAM principals in the same AWS account to escalate privileges via role assumption. The sample code for the EKS environment provisioning role is configured to trust the account root principal, which may enable any IAM principal in the same AWS account with sts:AssumeRole permissions to assume the role with administrative privileges.
We recommend customers upgrade to Harmonix on AWS v0.4.2 or later if you have deployed the framework using versions v0.3.0 through v0.4.1.
Severity
CWE
- CWE-266 - Incorrect Privilege Assignment
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/awslabs/harmonix/pull/189 | patch |
| https://aws.amazon.com/security/security-bulletin… | vendor-advisory |
| https://github.com/awslabs/harmonix/security/advi… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| AWS | Harmonix on AWS |
Affected:
0.3.0 , < 0.4.2
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-14503",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-16T04:56:04.348854Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T16:07:40.181Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Harmonix on AWS",
"vendor": "AWS",
"versions": [
{
"lessThan": "0.4.2",
"status": "affected",
"version": "0.3.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003c/p\u003e\u003cp\u003eAn overly-permissive IAM trust policy in the Harmonix on AWS framework may allow IAM principals in the same AWS account to escalate privileges via role assumption. The sample code for the EKS environment provisioning role is configured to trust the account root principal, which may enable any IAM principal in the same AWS account with sts:AssumeRole permissions to assume the role with administrative privileges.\u003c/p\u003e\u003cbr\u003eWe recommend customers upgrade to Harmonix on AWS v0.4.2 or later if you have deployed the framework using versions v0.3.0 through v0.4.1. \u003cp\u003e\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "An overly-permissive IAM trust policy in the Harmonix on AWS framework may allow IAM principals in the same AWS account to escalate privileges via role assumption. The sample code for the EKS environment provisioning role is configured to trust the account root principal, which may enable any IAM principal in the same AWS account with sts:AssumeRole permissions to assume the role with administrative privileges.\n\n\nWe recommend customers upgrade to Harmonix on AWS v0.4.2 or later if you have deployed the framework using versions v0.3.0 through v0.4.1."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "CWE-266 Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-16T23:13:44.545Z",
"orgId": "ff89ba41-3aa1-4d27-914a-91399e9639e5",
"shortName": "AMZN"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/awslabs/harmonix/pull/189"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://aws.amazon.com/security/security-bulletins/AWS-2025-031/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://github.com/awslabs/harmonix/security/advisories/GHSA-qm86-gqrq-mqcw"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Overly Permissive Trust Policy in Harmonix on AWS EKS",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ff89ba41-3aa1-4d27-914a-91399e9639e5",
"assignerShortName": "AMZN",
"cveId": "CVE-2025-14503",
"datePublished": "2025-12-15T19:45:00.729Z",
"dateReserved": "2025-12-10T21:04:10.009Z",
"dateUpdated": "2026-02-26T16:07:40.181Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-14660 (GCVE-0-2025-14660)
Vulnerability from cvelistv5 – Published: 2025-12-14 12:32 – Updated: 2025-12-15 20:55 X_Open Source
VLAI
Title
DecoCMS Mesh Workspace Domain api.ts createTool access control
Summary
A flaw has been found in DecoCMS Mesh up to 1.0.0-alpha.31. Affected by this vulnerability is the function createTool of the file packages/sdk/src/mcp/teams/api.ts of the component Workspace Domain Handler. This manipulation of the argument domain causes improper access controls. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been published and may be used. Upgrading to version 1.0.0-alpha.32 addresses this issue. Patch name: 5f7315e05852faf3a9c177c0a34f9ea9b0371d3d. It is recommended to upgrade the affected component.
Severity
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.336392 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.336392 | signaturepermissions-required |
| https://vuldb.com/?submit.713741 | third-party-advisory |
| https://github.com/decocms/mesh/pull/1967 | issue-tracking |
| https://github.com/decocms/mesh/pull/1967#issueco… | issue-tracking |
| https://github.com/decocms/mesh/pull/1967#issue-3… | exploitissue-tracking |
| https://github.com/decocms/mesh/commit/5f7315e058… | patch |
| https://github.com/decocms/mesh/releases/tag/runt… | patch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| DecoCMS | Mesh |
Affected:
1.0.0-alpha.0
Affected: 1.0.0-alpha.1 Affected: 1.0.0-alpha.2 Affected: 1.0.0-alpha.3 Affected: 1.0.0-alpha.4 Affected: 1.0.0-alpha.5 Affected: 1.0.0-alpha.6 Affected: 1.0.0-alpha.7 Affected: 1.0.0-alpha.8 Affected: 1.0.0-alpha.9 Affected: 1.0.0-alpha.10 Affected: 1.0.0-alpha.11 Affected: 1.0.0-alpha.12 Affected: 1.0.0-alpha.13 Affected: 1.0.0-alpha.14 Affected: 1.0.0-alpha.15 Affected: 1.0.0-alpha.16 Affected: 1.0.0-alpha.17 Affected: 1.0.0-alpha.18 Affected: 1.0.0-alpha.19 Affected: 1.0.0-alpha.20 Affected: 1.0.0-alpha.21 Affected: 1.0.0-alpha.22 Affected: 1.0.0-alpha.23 Affected: 1.0.0-alpha.24 Affected: 1.0.0-alpha.25 Affected: 1.0.0-alpha.26 Affected: 1.0.0-alpha.27 Affected: 1.0.0-alpha.28 Affected: 1.0.0-alpha.29 Affected: 1.0.0-alpha.30 Affected: 1.0.0-alpha.31 Unaffected: 1.0.0-alpha.32 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-14660",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-15T20:54:55.484541Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-15T20:55:13.242Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Workspace Domain Handler"
],
"product": "Mesh",
"vendor": "DecoCMS",
"versions": [
{
"status": "affected",
"version": "1.0.0-alpha.0"
},
{
"status": "affected",
"version": "1.0.0-alpha.1"
},
{
"status": "affected",
"version": "1.0.0-alpha.2"
},
{
"status": "affected",
"version": "1.0.0-alpha.3"
},
{
"status": "affected",
"version": "1.0.0-alpha.4"
},
{
"status": "affected",
"version": "1.0.0-alpha.5"
},
{
"status": "affected",
"version": "1.0.0-alpha.6"
},
{
"status": "affected",
"version": "1.0.0-alpha.7"
},
{
"status": "affected",
"version": "1.0.0-alpha.8"
},
{
"status": "affected",
"version": "1.0.0-alpha.9"
},
{
"status": "affected",
"version": "1.0.0-alpha.10"
},
{
"status": "affected",
"version": "1.0.0-alpha.11"
},
{
"status": "affected",
"version": "1.0.0-alpha.12"
},
{
"status": "affected",
"version": "1.0.0-alpha.13"
},
{
"status": "affected",
"version": "1.0.0-alpha.14"
},
{
"status": "affected",
"version": "1.0.0-alpha.15"
},
{
"status": "affected",
"version": "1.0.0-alpha.16"
},
{
"status": "affected",
"version": "1.0.0-alpha.17"
},
{
"status": "affected",
"version": "1.0.0-alpha.18"
},
{
"status": "affected",
"version": "1.0.0-alpha.19"
},
{
"status": "affected",
"version": "1.0.0-alpha.20"
},
{
"status": "affected",
"version": "1.0.0-alpha.21"
},
{
"status": "affected",
"version": "1.0.0-alpha.22"
},
{
"status": "affected",
"version": "1.0.0-alpha.23"
},
{
"status": "affected",
"version": "1.0.0-alpha.24"
},
{
"status": "affected",
"version": "1.0.0-alpha.25"
},
{
"status": "affected",
"version": "1.0.0-alpha.26"
},
{
"status": "affected",
"version": "1.0.0-alpha.27"
},
{
"status": "affected",
"version": "1.0.0-alpha.28"
},
{
"status": "affected",
"version": "1.0.0-alpha.29"
},
{
"status": "affected",
"version": "1.0.0-alpha.30"
},
{
"status": "affected",
"version": "1.0.0-alpha.31"
},
{
"status": "unaffected",
"version": "1.0.0-alpha.32"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "cucumbersalad (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw has been found in DecoCMS Mesh up to 1.0.0-alpha.31. Affected by this vulnerability is the function createTool of the file packages/sdk/src/mcp/teams/api.ts of the component Workspace Domain Handler. This manipulation of the argument domain causes improper access controls. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been published and may be used. Upgrading to version 1.0.0-alpha.32 addresses this issue. Patch name: 5f7315e05852faf3a9c177c0a34f9ea9b0371d3d. It is recommended to upgrade the affected component."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5.1,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "Improper Access Controls",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-14T12:32:08.752Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-336392 | DecoCMS Mesh Workspace Domain api.ts createTool access control",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.336392"
},
{
"name": "VDB-336392 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.336392"
},
{
"name": "Submit #713741 | Deco deco-mesh runtime v1.0.0-alpha.31 Improper Access Controls",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.713741"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/decocms/mesh/pull/1967"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/decocms/mesh/pull/1967#issuecomment-3622379237"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/decocms/mesh/pull/1967#issue-3700934099"
},
{
"tags": [
"patch"
],
"url": "https://github.com/decocms/mesh/commit/5f7315e05852faf3a9c177c0a34f9ea9b0371d3d"
},
{
"tags": [
"patch"
],
"url": "https://github.com/decocms/mesh/releases/tag/runtime-v1.0.0-alpha.32"
}
],
"tags": [
"x_open-source"
],
"timeline": [
{
"lang": "en",
"time": "2025-12-13T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-12-13T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-12-13T14:30:21.000Z",
"value": "VulDB entry last update"
}
],
"title": "DecoCMS Mesh Workspace Domain api.ts createTool access control"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-14660",
"datePublished": "2025-12-14T12:32:08.752Z",
"dateReserved": "2025-12-13T13:25:14.748Z",
"dateUpdated": "2025-12-15T20:55:13.242Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-14748 (GCVE-0-2025-14748)
Vulnerability from cvelistv5 – Published: 2025-12-16 03:02 – Updated: 2025-12-16 21:01
VLAI
Title
Ningyuanda TC155 ONVIF Device Management Service device_service access control
Summary
A vulnerability was determined in Ningyuanda TC155 57.0.2.0. This affects an unknown function of the file /onvif/device_service of the component ONVIF Device Management Service. Executing manipulation of the argument FactoryDefault with the input Hard can lead to improper access controls. The attack requires access to the local network. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.336521 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.336521 | signaturepermissions-required |
| https://vuldb.com/?submit.707197 | third-party-advisory |
| https://github.com/pwnpwnpur1n/IoT-advisories/blo… | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Ningyuanda | TC155 |
Affected:
57.0.2.0
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-14748",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-16T20:48:51.659721Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-16T21:01:07.215Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"ONVIF Device Management Service"
],
"product": "TC155",
"vendor": "Ningyuanda",
"versions": [
{
"status": "affected",
"version": "57.0.2.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "keroomi (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was determined in Ningyuanda TC155 57.0.2.0. This affects an unknown function of the file /onvif/device_service of the component ONVIF Device Management Service. Executing manipulation of the argument FactoryDefault with the input Hard can lead to improper access controls. The attack requires access to the local network. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4.8,
"vectorString": "AV:A/AC:L/Au:N/C:N/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "Improper Access Controls",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-16T03:02:08.269Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-336521 | Ningyuanda TC155 ONVIF Device Management Service device_service access control",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.336521"
},
{
"name": "VDB-336521 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.336521"
},
{
"name": "Submit #707197 | Shenzhen Ningyuanda Technology Co., Ltd. TC155 IP Camera Firmware version: 57.0.2.0 Unauthenticated Hard Reset via ONVIF SetSystemFactoryDefault",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.707197"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/pwnpwnpur1n/IoT-advisories/blob/main/TC155-Unauth-Hard-Reset.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-15T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-12-15T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-12-15T21:44:28.000Z",
"value": "VulDB entry last update"
}
],
"title": "Ningyuanda TC155 ONVIF Device Management Service device_service access control"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-14748",
"datePublished": "2025-12-16T03:02:08.269Z",
"dateReserved": "2025-12-15T20:39:17.819Z",
"dateUpdated": "2025-12-16T21:01:07.215Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-14749 (GCVE-0-2025-14749)
Vulnerability from cvelistv5 – Published: 2025-12-16 03:02 – Updated: 2025-12-16 20:48
VLAI
Title
Ningyuanda TC155 ONVIF PTZ Control device_service access control
Summary
A vulnerability was identified in Ningyuanda TC155 57.0.2.0. This impacts an unknown function of the file /onvif/device_service of the component ONVIF PTZ Control Interface. The manipulation leads to improper access controls. The attack requires being on the local network. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.336522 | vdb-entry |
| https://vuldb.com/?ctiid.336522 | signaturepermissions-required |
| https://vuldb.com/?submit.707198 | third-party-advisory |
| https://github.com/pwnpwnpur1n/IoT-advisories/blo… | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Ningyuanda | TC155 |
Affected:
57.0.2.0
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-14749",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-16T20:46:17.290265Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-16T20:48:27.694Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"ONVIF PTZ Control Interface"
],
"product": "TC155",
"vendor": "Ningyuanda",
"versions": [
{
"status": "affected",
"version": "57.0.2.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "keroomi (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was identified in Ningyuanda TC155 57.0.2.0. This impacts an unknown function of the file /onvif/device_service of the component ONVIF PTZ Control Interface. The manipulation leads to improper access controls. The attack requires being on the local network. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5.8,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "Improper Access Controls",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-16T03:02:10.508Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-336522 | Ningyuanda TC155 ONVIF PTZ Control device_service access control",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.336522"
},
{
"name": "VDB-336522 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.336522"
},
{
"name": "Submit #707198 | Shenzhen Ningyuanda Technology Co., Ltd. TC155 IP Camera Firmware version: 57.0.2.0 Unauthenticated ONVIF PTZ Full Remote Camera Control",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.707198"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/pwnpwnpur1n/IoT-advisories/blob/main/TC155-Unauth-PTZ-Remote-Control.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-15T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-12-15T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-12-15T21:44:29.000Z",
"value": "VulDB entry last update"
}
],
"title": "Ningyuanda TC155 ONVIF PTZ Control device_service access control"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-14749",
"datePublished": "2025-12-16T03:02:10.508Z",
"dateReserved": "2025-12-15T20:39:20.608Z",
"dateUpdated": "2025-12-16T20:48:27.694Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-14778 (GCVE-0-2025-14778)
Vulnerability from cvelistv5 – Published: 2026-02-09 18:58 – Updated: 2026-02-10 01:04
VLAI
Title
Keycloak: incorrect ownership checks in /uma-policy/
Summary
A flaw was found in Keycloak. A significant Broken Access Control vulnerability exists in the UserManagedPermissionService (UMA Protection API). When updating or deleting a UMA policy associated with multiple resources, the authorization check only verifies the caller's ownership against the first resource in the policy's list. This allows a user (Owner A) who owns one resource (RA) to update a shared policy and modify authorization rules for other resources (e.g., RB) in that same policy, even if those other resources are owned by a different user (Owner B). This constitutes a horizontal privilege escalation.
Severity
5.4 (Medium)
CWE
- CWE-266 - Incorrect Privilege Assignment
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://access.redhat.com/errata/RHSA-2026:2363 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:2364 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:2365 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:2366 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/security/cve/CVE-2025-14778 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2422600 | issue-trackingx_refsource_REDHAT |
Impacted products
8 products
| Vendor | Product | Version | |
|---|---|---|---|
| Red Hat | Red Hat build of Keycloak 26.2 |
Unaffected:
26.2.13-1 , < *
(rpm)
cpe:/a:redhat:build_keycloak:26.2::el9 |
|
| Red Hat | Red Hat build of Keycloak 26.2 |
Unaffected:
26.2-15 , < *
(rpm)
cpe:/a:redhat:build_keycloak:26.2::el9 |
|
| Red Hat | Red Hat build of Keycloak 26.2 |
Unaffected:
26.2-15 , < *
(rpm)
cpe:/a:redhat:build_keycloak:26.2::el9 |
|
| Red Hat | Red Hat build of Keycloak 26.2.13 |
cpe:/a:redhat:build_keycloak:26.2::el9 |
|
| Red Hat | Red Hat build of Keycloak 26.4 |
Unaffected:
26.4.9-1 , < *
(rpm)
cpe:/a:redhat:build_keycloak:26.4::el9 |
|
| Red Hat | Red Hat build of Keycloak 26.4 |
Unaffected:
26.4-11 , < *
(rpm)
cpe:/a:redhat:build_keycloak:26.4::el9 |
|
| Red Hat | Red Hat build of Keycloak 26.4 |
Unaffected:
26.4-10 , < *
(rpm)
cpe:/a:redhat:build_keycloak:26.4::el9 |
|
| Red Hat | Red Hat build of Keycloak 26.4.9 |
cpe:/a:redhat:build_keycloak:26.4::el9 |
Date Public
2026-02-09 18:24
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-14778",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-09T19:51:45.628050Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T19:51:55.663Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:build_keycloak:26.2::el9"
],
"defaultStatus": "affected",
"packageName": "rhbk/keycloak-operator-bundle",
"product": "Red Hat build of Keycloak 26.2",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "26.2.13-1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:build_keycloak:26.2::el9"
],
"defaultStatus": "affected",
"packageName": "rhbk/keycloak-rhel9",
"product": "Red Hat build of Keycloak 26.2",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "26.2-15",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:build_keycloak:26.2::el9"
],
"defaultStatus": "affected",
"packageName": "rhbk/keycloak-rhel9-operator",
"product": "Red Hat build of Keycloak 26.2",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "26.2-15",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:build_keycloak:26.2::el9"
],
"defaultStatus": "unaffected",
"packageName": "rhbk/keycloak-rhel9-operator",
"product": "Red Hat build of Keycloak 26.2.13",
"vendor": "Red Hat"
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:build_keycloak:26.4::el9"
],
"defaultStatus": "affected",
"packageName": "rhbk/keycloak-operator-bundle",
"product": "Red Hat build of Keycloak 26.4",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "26.4.9-1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:build_keycloak:26.4::el9"
],
"defaultStatus": "affected",
"packageName": "rhbk/keycloak-rhel9",
"product": "Red Hat build of Keycloak 26.4",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "26.4-11",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:build_keycloak:26.4::el9"
],
"defaultStatus": "affected",
"packageName": "rhbk/keycloak-rhel9-operator",
"product": "Red Hat build of Keycloak 26.4",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "26.4-10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:build_keycloak:26.4::el9"
],
"defaultStatus": "unaffected",
"packageName": "rhbk/keycloak-rhel9-operator",
"product": "Red Hat build of Keycloak 26.4.9",
"vendor": "Red Hat"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Joshua Rogers for reporting this issue."
}
],
"datePublic": "2026-02-09T18:24:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Keycloak. A significant Broken Access Control vulnerability exists in the UserManagedPermissionService (UMA Protection API). When updating or deleting a UMA policy associated with multiple resources, the authorization check only verifies the caller\u0027s ownership against the first resource in the policy\u0027s list. This allows a user (Owner A) who owns one resource (RA) to update a shared policy and modify authorization rules for other resources (e.g., RB) in that same policy, even if those other resources are owned by a different user (Owner B). This constitutes a horizontal privilege escalation."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-10T01:04:37.407Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2026:2363",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:2363"
},
{
"name": "RHSA-2026:2364",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:2364"
},
{
"name": "RHSA-2026:2365",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:2365"
},
{
"name": "RHSA-2026:2366",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:2366"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2025-14778"
},
{
"name": "RHBZ#2422600",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2422600"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-16T05:01:06.107Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-02-09T18:24:00.000Z",
"value": "Made public."
}
],
"title": "Keycloak: incorrect ownership checks in /uma-policy/",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-266: Incorrect Privilege Assignment"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2025-14778",
"datePublished": "2026-02-09T18:58:29.065Z",
"dateReserved": "2025-12-16T05:02:19.510Z",
"dateUpdated": "2026-02-10T01:04:37.407Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-14889 (GCVE-0-2025-14889)
Vulnerability from cvelistv5 – Published: 2025-12-18 20:02 – Updated: 2026-02-24 05:54 X_Freeware
VLAI
Title
Campcodes Advanced Voting Management System Password voters_edit.php improper authorization
Summary
A security flaw has been discovered in Campcodes Advanced Voting Management System 1.0. The impacted element is an unknown function of the file /admin/voters_edit.php of the component Password Handler. Performing a manipulation of the argument ID results in improper authorization. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks.
Severity
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.337378 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.337378 | signaturepermissions-required |
| https://vuldb.com/?submit.715643 | third-party-advisory |
| https://gist.github.com/nikstudy576-maker/82e1e1e… | exploit |
| https://www.campcodes.com/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Campcodes | Advanced Voting Management System |
Affected:
1.0
cpe:2.3:a:campcodes:advanced_voting_management_system:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-14889",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-18T20:15:32.560335Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T20:15:44.091Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:campcodes:advanced_voting_management_system:*:*:*:*:*:*:*:*"
],
"modules": [
"Password Handler"
],
"product": "Advanced Voting Management System",
"vendor": "Campcodes",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Err404 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security flaw has been discovered in Campcodes Advanced Voting Management System 1.0. The impacted element is an unknown function of the file /admin/voters_edit.php of the component Password Handler. Performing a manipulation of the argument ID results in improper authorization. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5.5,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-24T05:54:36.637Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-337378 | Campcodes Advanced Voting Management System Password voters_edit.php improper authorization",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.337378"
},
{
"name": "VDB-337378 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.337378"
},
{
"name": "Submit #715643 | campcodes Advanced Voting Management System using PHP/MySQLi 1.0 Authentication Bypass",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.715643"
},
{
"tags": [
"exploit"
],
"url": "https://gist.github.com/nikstudy576-maker/82e1e1ede9b848880aa09b87b92bc22c"
},
{
"tags": [
"product"
],
"url": "https://www.campcodes.com/"
}
],
"tags": [
"x_freeware"
],
"timeline": [
{
"lang": "en",
"time": "2025-12-18T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-12-18T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-12-25T01:47:25.000Z",
"value": "VulDB entry last update"
}
],
"title": "Campcodes Advanced Voting Management System Password voters_edit.php improper authorization"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-14889",
"datePublished": "2025-12-18T20:02:07.993Z",
"dateReserved": "2025-12-18T14:12:13.912Z",
"dateUpdated": "2026-02-24T05:54:36.637Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15084 (GCVE-0-2025-15084)
Vulnerability from cvelistv5 – Published: 2025-12-25 18:32 – Updated: 2025-12-29 21:29
VLAI
Title
youlaitech youlai-mall Order Payment OrderController.java orderService.payOrder access control
Summary
A vulnerability was identified in youlaitech youlai-mall 1.0.0/2.0.0. The impacted element is the function orderService.payOrder of the file mall-oms/oms-boot/src/main/java/com/youlai/mall/oms/controller/app/OrderController.java of the component Order Payment Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The attack is considered to have high complexity. The exploitability is regarded as difficult. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.338412 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.338412 | signaturepermissions-required |
| https://vuldb.com/?submit.708174 | third-party-advisory |
| https://github.com/Hwwg/cve/issues/24 | exploitissue-tracking |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| youlaitech | youlai-mall |
Affected:
1.0.0
Affected: 2.0.0 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15084",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-29T21:29:08.741631Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-29T21:29:17.869Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Order Payment Handler"
],
"product": "youlai-mall",
"vendor": "youlaitech",
"versions": [
{
"status": "affected",
"version": "1.0.0"
},
{
"status": "affected",
"version": "2.0.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "huangweigang (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was identified in youlaitech youlai-mall 1.0.0/2.0.0. The impacted element is the function orderService.payOrder of the file mall-oms/oms-boot/src/main/java/com/youlai/mall/oms/controller/app/OrderController.java of the component Order Payment Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The attack is considered to have high complexity. The exploitability is regarded as difficult. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 2.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 2.1,
"vectorString": "AV:N/AC:H/Au:S/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "Improper Access Controls",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-25T18:32:05.729Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-338412 | youlaitech youlai-mall Order Payment OrderController.java orderService.payOrder access control",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.338412"
},
{
"name": "VDB-338412 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.338412"
},
{
"name": "Submit #708174 | youlai-mall latest Improper Control of Resource Identifiers",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.708174"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/Hwwg/cve/issues/24"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-25T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-12-25T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-12-25T10:55:00.000Z",
"value": "VulDB entry last update"
}
],
"title": "youlaitech youlai-mall Order Payment OrderController.java orderService.payOrder access control"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-15084",
"datePublished": "2025-12-25T18:32:05.729Z",
"dateReserved": "2025-12-25T09:49:51.756Z",
"dateUpdated": "2025-12-29T21:29:17.869Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15085 (GCVE-0-2025-15085)
Vulnerability from cvelistv5 – Published: 2025-12-25 19:32 – Updated: 2025-12-29 21:28
VLAI
Title
youlaitech youlai-mall Balance MemberController.java deductBalance improper authorization
Summary
A security flaw has been discovered in youlaitech youlai-mall 1.0.0/2.0.0. This affects the function deductBalance of the file mall-ums/ums-boot/src/main/java/com/youlai/mall/ums/controller/app/MemberController.java of the component Balance Handler. The manipulation results in improper authorization. The attack can be launched remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.338413 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.338413 | signaturepermissions-required |
| https://vuldb.com/?submit.708175 | third-party-advisory |
| https://github.com/Hwwg/cve/issues/26 | exploitissue-tracking |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| youlaitech | youlai-mall |
Affected:
1.0.0
Affected: 2.0.0 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15085",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-29T21:28:23.095883Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-29T21:28:29.460Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Balance Handler"
],
"product": "youlai-mall",
"vendor": "youlaitech",
"versions": [
{
"status": "affected",
"version": "1.0.0"
},
{
"status": "affected",
"version": "2.0.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "huangweigang (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security flaw has been discovered in youlaitech youlai-mall 1.0.0/2.0.0. This affects the function deductBalance of the file mall-ums/ums-boot/src/main/java/com/youlai/mall/ums/controller/app/MemberController.java of the component Balance Handler. The manipulation results in improper authorization. The attack can be launched remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-25T19:32:08.203Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-338413 | youlaitech youlai-mall Balance MemberController.java deductBalance improper authorization",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.338413"
},
{
"name": "VDB-338413 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.338413"
},
{
"name": "Submit #708175 | youlai-mall latest Improper Control of Resource Identifiers",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.708175"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/Hwwg/cve/issues/26"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-25T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-12-25T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-12-25T10:55:04.000Z",
"value": "VulDB entry last update"
}
],
"title": "youlaitech youlai-mall Balance MemberController.java deductBalance improper authorization"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-15085",
"datePublished": "2025-12-25T19:32:08.203Z",
"dateReserved": "2025-12-25T09:49:58.859Z",
"dateUpdated": "2025-12-29T21:28:29.460Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15086 (GCVE-0-2025-15086)
Vulnerability from cvelistv5 – Published: 2025-12-25 20:32 – Updated: 2025-12-29 19:37
VLAI
Title
youlaitech youlai-mall MemberController.java getMemberByMobile access control
Summary
A weakness has been identified in youlaitech youlai-mall 1.0.0/2.0.0. This impacts the function getMemberByMobile of the file mall-ums/ums-boot/src/main/java/com/youlai/mall/ums/controller/app/MemberController.java. This manipulation causes improper access controls. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.338414 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.338414 | signaturepermissions-required |
| https://vuldb.com/?submit.708176 | third-party-advisory |
| https://github.com/Hwwg/cve/issues/27 | exploitissue-tracking |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| youlaitech | youlai-mall |
Affected:
1.0.0
Affected: 2.0.0 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15086",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-29T19:34:41.674337Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-29T19:37:23.384Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "youlai-mall",
"vendor": "youlaitech",
"versions": [
{
"status": "affected",
"version": "1.0.0"
},
{
"status": "affected",
"version": "2.0.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "huangweigang (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A weakness has been identified in youlaitech youlai-mall 1.0.0/2.0.0. This impacts the function getMemberByMobile of the file mall-ums/ums-boot/src/main/java/com/youlai/mall/ums/controller/app/MemberController.java. This manipulation causes improper access controls. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "Improper Access Controls",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-25T20:32:06.220Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-338414 | youlaitech youlai-mall MemberController.java getMemberByMobile access control",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.338414"
},
{
"name": "VDB-338414 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.338414"
},
{
"name": "Submit #708176 | youlai-mall latest Improper Control of Resource Identifiers",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.708176"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/Hwwg/cve/issues/27"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-25T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-12-25T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-12-25T10:55:08.000Z",
"value": "VulDB entry last update"
}
],
"title": "youlaitech youlai-mall MemberController.java getMemberByMobile access control"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-15086",
"datePublished": "2025-12-25T20:32:06.220Z",
"dateReserved": "2025-12-25T09:50:02.863Z",
"dateUpdated": "2025-12-29T19:37:23.384Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15087 (GCVE-0-2025-15087)
Vulnerability from cvelistv5 – Published: 2025-12-25 21:02 – Updated: 2026-02-26 16:44
VLAI
Title
youlaitech youlai-mall OrderController.java submitOrderPayment improper authorization
Summary
A security vulnerability has been detected in youlaitech youlai-mall 1.0.0/2.0.0. Affected is the function submitOrderPayment of the file mall-oms/oms-boot/src/main/java/com/youlai/mall/oms/controller/app/OrderController.java. Such manipulation of the argument orderSn leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.338415 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.338415 | signaturepermissions-required |
| https://vuldb.com/?submit.708180 | third-party-advisory |
| https://github.com/Hwwg/cve/issues/30 | exploitissue-tracking |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| youlaitech | youlai-mall |
Affected:
1.0.0
Affected: 2.0.0 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15087",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-29T19:07:47.732335Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-29T19:07:55.386Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "youlai-mall",
"vendor": "youlaitech",
"versions": [
{
"status": "affected",
"version": "1.0.0"
},
{
"status": "affected",
"version": "2.0.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "huangweigang (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability has been detected in youlaitech youlai-mall 1.0.0/2.0.0. Affected is the function submitOrderPayment of the file mall-oms/oms-boot/src/main/java/com/youlai/mall/oms/controller/app/OrderController.java. Such manipulation of the argument orderSn leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T16:44:41.509Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-338415 | youlaitech youlai-mall OrderController.java submitOrderPayment improper authorization",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.338415"
},
{
"name": "VDB-338415 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.338415"
},
{
"name": "Submit #708180 | youlai-mall latest Improper Control of Resource Identifiers",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.708180"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/Hwwg/cve/issues/30"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-25T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-12-25T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-02-26T17:49:34.000Z",
"value": "VulDB entry last update"
}
],
"title": "youlaitech youlai-mall OrderController.java submitOrderPayment improper authorization"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-15087",
"datePublished": "2025-12-25T21:02:07.632Z",
"dateReserved": "2025-12-25T09:50:06.616Z",
"dateUpdated": "2026-02-26T16:44:41.509Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation ID: MIT-1
Phases: Architecture and Design, Operation
Description:
- Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.
Mitigation ID: MIT-17
Phases: Architecture and Design, Operation
Strategy: Environment Hardening
Description:
- Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.
No CAPEC attack patterns related to this CWE.