CWE-269
Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
CVE-2025-57759 (GCVE-0-2025-57759)
Vulnerability from cvelistv5 – Published: 2025-08-28 16:32 – Updated: 2025-08-28 17:16
VLAI
Title
Contao has improper privilege management for page and article fields
Summary
Contao is an Open Source CMS. In versions starting from 5.3.0 and prior to 5.3.38 and 5.6.1, under certain conditions, back end users may be able to edit fields of pages and articles without having the necessary permissions. This issue has been patched in versions 5.3.38 and 5.6.1. There are no workarounds.
Severity
4.3 (Medium)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/contao/contao/security/advisor… | x_refsource_CONFIRM |
| https://github.com/contao/contao/commit/80ee7db12… | x_refsource_MISC |
| https://contao.org/en/security-advisories/imprope… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-57759",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-28T17:16:51.325478Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T17:16:55.904Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "contao",
"vendor": "contao",
"versions": [
{
"status": "affected",
"version": "\u003e= 5.3.0, \u003c 5.3.38"
},
{
"status": "affected",
"version": "\u003e= 5.4.0-RC1, \u003c 5.6.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Contao is an Open Source CMS. In versions starting from 5.3.0 and prior to 5.3.38 and 5.6.1, under certain conditions, back end users may be able to edit fields of pages and articles without having the necessary permissions. This issue has been patched in versions 5.3.38 and 5.6.1. There are no workarounds."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269: Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T16:32:59.022Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/contao/contao/security/advisories/GHSA-qqfq-7cpp-hcqj",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/contao/contao/security/advisories/GHSA-qqfq-7cpp-hcqj"
},
{
"name": "https://github.com/contao/contao/commit/80ee7db12d55ad979d9b1b180f273d4e2668851f",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/contao/contao/commit/80ee7db12d55ad979d9b1b180f273d4e2668851f"
},
{
"name": "https://contao.org/en/security-advisories/improper-privilege-management-for-page-and-article-fields",
"tags": [
"x_refsource_MISC"
],
"url": "https://contao.org/en/security-advisories/improper-privilege-management-for-page-and-article-fields"
}
],
"source": {
"advisory": "GHSA-qqfq-7cpp-hcqj",
"discovery": "UNKNOWN"
},
"title": "Contao has improper privilege management for page and article fields"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-57759",
"datePublished": "2025-08-28T16:32:59.022Z",
"dateReserved": "2025-08-19T15:16:22.916Z",
"dateUpdated": "2025-08-28T17:16:55.904Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-57760 (GCVE-0-2025-57760)
Vulnerability from cvelistv5 – Published: 2025-08-25 16:22 – Updated: 2025-08-25 20:34
VLAI
Title
Langflow Vulnerable to Privilege Escalation via CLI Superuser Creation
Summary
Langflow is a tool for building and deploying AI-powered agents and workflows. A privilege escalation vulnerability exists in Langflow containers where an authenticated user with RCE access can invoke the internal CLI command langflow superuser to create a new administrative user. This results in full superuser access, even if the user initially registered through the UI as a regular (non-admin) account. A patched version has not been made public at this time.
Severity
8.8 (High)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/langflow-ai/langflow/security/… | x_refsource_CONFIRM |
| https://github.com/langflow-ai/langflow/commit/c1… | x_refsource_MISC |
| http://github.com/langflow-ai/langflow/pull/9152 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| langflow-ai | langflow |
Affected:
<= 1.5.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-57760",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-25T20:34:06.026151Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-25T20:34:14.809Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "langflow",
"vendor": "langflow-ai",
"versions": [
{
"status": "affected",
"version": "\u003c= 1.5.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Langflow is a tool for building and deploying AI-powered agents and workflows. A privilege escalation vulnerability exists in Langflow containers where an authenticated user with RCE access can invoke the internal CLI command langflow superuser to create a new administrative user. This results in full superuser access, even if the user initially registered through the UI as a regular (non-admin) account. A patched version has not been made public at this time."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269: Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-25T16:22:17.772Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/langflow-ai/langflow/security/advisories/GHSA-4gv9-mp8m-592r",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/langflow-ai/langflow/security/advisories/GHSA-4gv9-mp8m-592r"
},
{
"name": "https://github.com/langflow-ai/langflow/commit/c188ec113c9ca46154ad01d0eded1754cc6bef97",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/langflow-ai/langflow/commit/c188ec113c9ca46154ad01d0eded1754cc6bef97"
},
{
"name": "http://github.com/langflow-ai/langflow/pull/9152",
"tags": [
"x_refsource_MISC"
],
"url": "http://github.com/langflow-ai/langflow/pull/9152"
}
],
"source": {
"advisory": "GHSA-4gv9-mp8m-592r",
"discovery": "UNKNOWN"
},
"title": "Langflow Vulnerable to Privilege Escalation via CLI Superuser Creation"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-57760",
"datePublished": "2025-08-25T16:22:17.772Z",
"dateReserved": "2025-08-19T15:16:22.917Z",
"dateUpdated": "2025-08-25T20:34:14.809Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-57840 (GCVE-0-2025-57840)
Vulnerability from cvelistv5 – Published: 2025-12-24 06:55 – Updated: 2025-12-24 16:38
VLAI
Title
Privilege Bypass in ADB
Summary
ADB(Android Debug Bridge) is affected by type privilege bypass, successful exploitation of this vulnerability may affect service availability.
Severity
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
1 reference
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-57840",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-24T16:37:49.876396Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-24T16:38:01.522Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Magic OS",
"vendor": "Honor",
"versions": [
{
"lessThan": "9.0.0.169",
"status": "affected",
"version": "Magic OS",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eADB(Android Debug Bridge) is affected by type privilege bypass, successful exploitation of this vulnerability may affect service availability.\u003c/span\u003e"
}
],
"value": "ADB(Android Debug Bridge) is affected by type privilege bypass, successful exploitation of this vulnerability may affect service availability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.2,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-24T06:55:54.348Z",
"orgId": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"shortName": "Honor"
},
"references": [
{
"url": "https://www.honor.com/global/security/cve-2025-57840"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Privilege Bypass in ADB",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"assignerShortName": "Honor",
"cveId": "CVE-2025-57840",
"datePublished": "2025-12-24T06:55:53.538Z",
"dateReserved": "2025-08-21T03:17:26.138Z",
"dateUpdated": "2025-12-24T16:38:01.522Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-58053 (GCVE-0-2025-58053)
Vulnerability from cvelistv5 – Published: 2025-12-19 16:26 – Updated: 2025-12-19 18:00
VLAI
Title
Galette has a privilege escalation vulnerability
Summary
Galette is a membership management web application for non profit organizations. Prior to version 1.2.0, while updating any existing account with a self forged POST request, one can gain higher privileges. Version 1.2.0 fixes the issue.
Severity
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/galette/galette/security/advis… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-58053",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-19T17:25:11.178028Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-19T18:00:53.263Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "galette",
"vendor": "galette",
"versions": [
{
"status": "affected",
"version": "\u003c 1.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Galette is a membership management web application for non profit organizations. Prior to version 1.2.0, while updating any existing account with a self forged POST request, one can gain higher privileges. Version 1.2.0 fixes the issue."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269: Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-19T16:26:00.148Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/galette/galette/security/advisories/GHSA-r7x8-6r56-498r",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/galette/galette/security/advisories/GHSA-r7x8-6r56-498r"
}
],
"source": {
"advisory": "GHSA-r7x8-6r56-498r",
"discovery": "UNKNOWN"
},
"title": "Galette has a privilege escalation vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-58053",
"datePublished": "2025-12-19T16:26:00.148Z",
"dateReserved": "2025-08-22T14:30:32.221Z",
"dateUpdated": "2025-12-19T18:00:53.263Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-58432 (GCVE-0-2025-58432)
Vulnerability from cvelistv5 – Published: 2025-09-17 17:31 – Updated: 2025-09-17 17:47
VLAI
Title
ZimaOS Privilege Escalation using localhost calls to File API Upload
Summary
ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.4.1 and all prior versions, the /v2_1/files/file/uploadV2 endpoint allows file upload from ANY USER who has access to localhost. File uploads are performed AS ROOT.
Severity
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/IceWhaleTech/ZimaOS/security/a… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IceWhaleTech | ZimaOS |
Affected:
<= 1.4.1
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-58432",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-17T17:47:29.376477Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-17T17:47:32.620Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/IceWhaleTech/ZimaOS/security/advisories/GHSA-3gp9-43rg-xrcc"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ZimaOS",
"vendor": "IceWhaleTech",
"versions": [
{
"status": "affected",
"version": "\u003c= 1.4.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.4.1 and all prior versions, the /v2_1/files/file/uploadV2 endpoint allows file upload from ANY USER who has access to localhost. File uploads are performed AS ROOT."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "CWE-250: Execution with Unnecessary Privileges",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269: Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-17T17:31:20.968Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/IceWhaleTech/ZimaOS/security/advisories/GHSA-3gp9-43rg-xrcc",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/IceWhaleTech/ZimaOS/security/advisories/GHSA-3gp9-43rg-xrcc"
}
],
"source": {
"advisory": "GHSA-3gp9-43rg-xrcc",
"discovery": "UNKNOWN"
},
"title": "ZimaOS Privilege Escalation using localhost calls to File API Upload"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-58432",
"datePublished": "2025-09-17T17:31:20.968Z",
"dateReserved": "2025-09-01T20:03:06.531Z",
"dateUpdated": "2025-09-17T17:47:32.620Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-59094 (GCVE-0-2025-59094)
Vulnerability from cvelistv5 – Published: 2026-01-26 10:04 – Updated: 2026-01-26 17:18
VLAI
Title
Local Privilege Escalation in dormakaba Kaba exos 9300 System management
Summary
A local privilege escalation vulnerability has been identified in the Kaba exos 9300 System management application (d9sysdef.exe). Within this application it is possible to specify an arbitrary executable as well as the weekday and start time, when the specified executable should be run with SYSTEM privileges.
Severity
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://r.sec-consult.com/dormakaba | technical-description |
| https://r.sec-consult.com/dkexos | third-party-advisory |
| https://www.dormakabagroup.com/en/security-advisories | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| dormakaba | Kaba exos 9300 |
Affected:
All versions, manual mitigation needed!
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-59094",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-26T17:18:34.556304Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-26T17:18:41.650Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Kaba exos 9300",
"vendor": "dormakaba",
"versions": [
{
"status": "affected",
"version": "All versions, manual mitigation needed!"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Clemens Stockenreitner, SEC Consult Vulnerability Lab"
},
{
"lang": "en",
"type": "finder",
"value": "Werner Schober, SEC Consult Vulnerability Lab"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A local privilege escalation vulnerability has been identified in the Kaba exos 9300 System management application (d9sysdef.exe). Within this application it is possible to specify an arbitrary executable as well as the weekday and start time, when the specified executable should be run with SYSTEM privileges."
}
],
"value": "A local privilege escalation vulnerability has been identified in the Kaba exos 9300 System management application (d9sysdef.exe). Within this application it is possible to specify an arbitrary executable as well as the weekday and start time, when the specified executable should be run with SYSTEM privileges."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233: Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269: Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-26T10:04:05.551Z",
"orgId": "551230f0-3615-47bd-b7cc-93e92e730bbf",
"shortName": "SEC-VLab"
},
"references": [
{
"tags": [
"technical-description"
],
"url": "https://r.sec-consult.com/dormakaba"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://r.sec-consult.com/dkexos"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dormakabagroup.com/en/security-advisories"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Rich clients are vulnerable to insider attacks. If there is a need for protection (against insiders or people with access to the network), the rich clients must operate in a protected environment. Alternatively, the web client is suitable for most use cases."
}
],
"value": "Rich clients are vulnerable to insider attacks. If there is a need for protection (against insiders or people with access to the network), the rich clients must operate in a protected environment. Alternatively, the web client is suitable for most use cases."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Local Privilege Escalation in dormakaba Kaba exos 9300 System management",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "551230f0-3615-47bd-b7cc-93e92e730bbf",
"assignerShortName": "SEC-VLab",
"cveId": "CVE-2025-59094",
"datePublished": "2026-01-26T10:04:05.551Z",
"dateReserved": "2025-09-09T07:52:56.382Z",
"dateUpdated": "2026-01-26T17:18:41.650Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-59247 (GCVE-0-2025-59247)
Vulnerability from cvelistv5 – Published: 2025-10-09 21:04 – Updated: 2026-02-22 17:26 Exclusively Hosted Service
VLAI
Title
Azure PlayFab Elevation of Privilege Vulnerability
Summary
Azure PlayFab Elevation of Privilege Vulnerability
Severity
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisorypatch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Azure PlayFab |
Affected:
-
|
Date Public
2025-10-09 14:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-59247",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-10T14:21:11.221071Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-10T14:21:23.166Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Azure PlayFab",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "-"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:azure_playfab:*:*:*:*:*:*:*:*",
"versionStartIncluding": "-",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2025-10-09T14:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Azure PlayFab Elevation of Privilege Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269: Improper Privilege Management",
"lang": "en-US",
"type": "CWE"
},
{
"cweId": "CWE-565",
"description": "CWE-565: Reliance on Cookies without Validation and Integrity Checking",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-22T17:26:10.829Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Azure PlayFab Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59247"
}
],
"tags": [
"exclusively-hosted-service"
],
"title": "Azure PlayFab Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2025-59247",
"datePublished": "2025-10-09T21:04:10.867Z",
"dateReserved": "2025-09-11T04:30:28.170Z",
"dateUpdated": "2026-02-22T17:26:10.829Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-5931 (GCVE-0-2025-5931)
Vulnerability from cvelistv5 – Published: 2025-08-26 05:07 – Updated: 2026-04-08 17:32
VLAI
Title
Dokan Pro <= 4.0.5 - Authenticated (Vendor+) Privilege Escalation
Summary
The Dokan Pro plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.0.5. This is due to the plugin not properly validating a user's identity prior to updating their password during a staff password reset. This makes it possible for authenticated attackers, with vendor-level access and above, to elevate their privilege to the level of a staff member and then change arbitrary user passwords, including those of administrators in order to gain access to their accounts. By default, the plugin allows customers to become vendors.
Severity
8.8 (High)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
2 references
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-5931",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-26T15:40:09.910787Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-26T15:40:18.405Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Dokan Pro",
"vendor": "wedevs",
"versions": [
{
"lessThanOrEqual": "4.0.5",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Friderika Baranyai"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Dokan Pro plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.0.5. This is due to the plugin not properly validating a user\u0027s identity prior to updating their password during a staff password reset. This makes it possible for authenticated attackers, with vendor-level access and above, to elevate their privilege to the level of a staff member and then change arbitrary user passwords, including those of administrators in order to gain access to their accounts. By default, the plugin allows customers to become vendors."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:32:51.977Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f3664a96-4ce7-4561-9b4b-dff91cd49384?source=cve"
},
{
"url": "https://dokan.co/wordpress/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-06-17T13:06:22.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-08-25T16:11:38.000Z",
"value": "Disclosed"
}
],
"title": "Dokan Pro \u003c= 4.0.5 - Authenticated (Vendor+) Privilege Escalation"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-5931",
"datePublished": "2025-08-26T05:07:47.410Z",
"dateReserved": "2025-06-09T14:52:15.433Z",
"dateUpdated": "2026-04-08T17:32:51.977Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-59514 (GCVE-0-2025-59514)
Vulnerability from cvelistv5 – Published: 2025-11-11 17:59 – Updated: 2026-02-26 16:57
VLAI
Title
Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability
Summary
Improper privilege management in Microsoft Streaming Service allows an authorized attacker to elevate privileges locally.
Severity
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisorypatch |
Impacted products
24 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Windows 10 Version 1607 |
Affected:
10.0.14393.0 , < 10.0.14393.8594
(custom)
|
|
| Microsoft | Windows 10 Version 1809 |
Affected:
10.0.17763.0 , < 10.0.17763.8027
(custom)
|
|
| Microsoft | Windows 10 Version 21H2 |
Affected:
10.0.19044.0 , < 10.0.19044.6575
(custom)
|
|
| Microsoft | Windows 10 Version 22H2 |
Affected:
10.0.19045.0 , < 10.0.19045.6575
(custom)
|
|
| Microsoft | Windows 11 version 22H3 |
Affected:
10.0.22631.0 , < 10.0.22631.6199
(custom)
|
|
| Microsoft | Windows 11 Version 23H2 |
Affected:
10.0.22631.0 , < 10.0.22631.6199
(custom)
|
|
| Microsoft | Windows 11 Version 24H2 |
Affected:
10.0.26100.0 , < 10.0.26100.7171
(custom)
|
|
| Microsoft | Windows 11 Version 25H2 |
Affected:
10.0.26200.0 , < 10.0.26200.7171
(custom)
|
|
| Microsoft | Windows Server 2008 R2 Service Pack 1 |
Affected:
6.1.7601.0 , < 6.1.7601.28021
(custom)
|
|
| Microsoft | Windows Server 2008 R2 Service Pack 1 (Server Core installation) |
Affected:
6.1.7601.0 , < 6.1.7601.28021
(custom)
|
|
| Microsoft | Windows Server 2008 Service Pack 2 |
Affected:
6.0.6003.0 , < 6.0.6003.23624
(custom)
|
|
| Microsoft | Windows Server 2008 Service Pack 2 (Server Core installation) |
Affected:
6.0.6003.0 , < 6.0.6003.23624
(custom)
|
|
| Microsoft | Windows Server 2012 |
Affected:
6.2.9200.0 , < 6.2.9200.25768
(custom)
|
|
| Microsoft | Windows Server 2012 (Server Core installation) |
Affected:
6.2.9200.0 , < 6.2.9200.25768
(custom)
|
|
| Microsoft | Windows Server 2012 R2 |
Affected:
6.3.9600.0 , < 6.3.9600.22869
(custom)
|
|
| Microsoft | Windows Server 2012 R2 (Server Core installation) |
Affected:
6.3.9600.0 , < 6.3.9600.22869
(custom)
|
|
| Microsoft | Windows Server 2016 |
Affected:
10.0.14393.0 , < 10.0.14393.8594
(custom)
|
|
| Microsoft | Windows Server 2016 (Server Core installation) |
Affected:
10.0.14393.0 , < 10.0.14393.8594
(custom)
|
|
| Microsoft | Windows Server 2019 |
Affected:
10.0.17763.0 , < 10.0.17763.8027
(custom)
|
|
| Microsoft | Windows Server 2019 (Server Core installation) |
Affected:
10.0.17763.0 , < 10.0.17763.8027
(custom)
|
|
| Microsoft | Windows Server 2022 |
Affected:
10.0.20348.0 , < 10.0.20348.4405
(custom)
|
|
| Microsoft | Windows Server 2022, 23H2 Edition (Server Core installation) |
Affected:
10.0.25398.0 , < 10.0.25398.1965
(custom)
|
|
| Microsoft | Windows Server 2025 |
Affected:
10.0.26100.0 , < 10.0.26100.7171
(custom)
|
|
| Microsoft | Windows Server 2025 (Server Core installation) |
Affected:
10.0.26100.0 , < 10.0.26100.7171
(custom)
|
Date Public
2025-11-11 08:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-59514",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-12T04:57:23.902211Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T16:57:26.291Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1607",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.8594",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1809",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.8027",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 21H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.19044.6575",
"status": "affected",
"version": "10.0.19044.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 22H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.19045.6575",
"status": "affected",
"version": "10.0.19045.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems"
],
"product": "Windows 11 version 22H3",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22631.6199",
"status": "affected",
"version": "10.0.22631.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows 11 Version 23H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22631.6199",
"status": "affected",
"version": "10.0.22631.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 11 Version 24H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.7171",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
},
{
"product": "Windows 11 Version 25H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26200.7171",
"status": "affected",
"version": "10.0.26200.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2008 R2 Service Pack 1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.1.7601.28021",
"status": "affected",
"version": "6.1.7601.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.1.7601.28021",
"status": "affected",
"version": "6.1.7601.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows Server 2008 Service Pack 2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.0.6003.23624",
"status": "affected",
"version": "6.0.6003.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows Server 2008 Service Pack 2 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.0.6003.23624",
"status": "affected",
"version": "6.0.6003.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.2.9200.25768",
"status": "affected",
"version": "6.2.9200.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.2.9200.25768",
"status": "affected",
"version": "6.2.9200.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 R2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.3.9600.22869",
"status": "affected",
"version": "6.3.9600.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 R2 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.3.9600.22869",
"status": "affected",
"version": "6.3.9600.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.8594",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.8594",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.8027",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.8027",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2022",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.20348.4405",
"status": "affected",
"version": "10.0.20348.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2022, 23H2 Edition (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.25398.1965",
"status": "affected",
"version": "10.0.25398.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2025",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.7171",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2025 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.7171",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.17763.8027",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.8027",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.8027",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.20348.4405",
"versionStartIncluding": "10.0.20348.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21H2:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.19044.6575",
"versionStartIncluding": "10.0.19044.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22H2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.19045.6575",
"versionStartIncluding": "10.0.19045.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.26100.7171",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.26200.7171",
"versionStartIncluding": "10.0.26200.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.22631.6199",
"versionStartIncluding": "10.0.22631.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.22631.6199",
"versionStartIncluding": "10.0.22631.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.25398.1965",
"versionStartIncluding": "10.0.25398.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.26100.7171",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.26100.7171",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.14393.8594",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.8594",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.8594",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008_sp2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.0.6003.23624",
"versionStartIncluding": "6.0.6003.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008_sp2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.0.6003.23624",
"versionStartIncluding": "6.0.6003.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008_R2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.1.7601.28021",
"versionStartIncluding": "6.1.7601.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008_R2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.1.7601.28021",
"versionStartIncluding": "6.1.7601.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.2.9200.25768",
"versionStartIncluding": "6.2.9200.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.2.9200.25768",
"versionStartIncluding": "6.2.9200.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.3.9600.22869",
"versionStartIncluding": "6.3.9600.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.3.9600.22869",
"versionStartIncluding": "6.3.9600.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2025-11-11T08:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Improper privilege management in Microsoft Streaming Service allows an authorized attacker to elevate privileges locally."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269: Improper Privilege Management",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-13T20:46:02.108Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59514"
}
],
"title": "Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2025-59514",
"datePublished": "2025-11-11T17:59:35.037Z",
"dateReserved": "2025-09-17T03:06:33.549Z",
"dateUpdated": "2026-02-26T16:57:26.291Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-5954 (GCVE-0-2025-5954)
Vulnerability from cvelistv5 – Published: 2025-08-01 02:24 – Updated: 2026-04-08 16:52
VLAI
Title
Service Finder SMS System <= 2.0.0 - Unauthenticated Privilege Escalation
Summary
The Service Finder SMS System plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.0.0. This is due to the plugin not restricting user role selection at the time of registration through the aonesms_fn_savedata_after_signup() function. This makes it possible for unauthenticated attackers to register as an administrator user.
Severity
9.8 (Critical)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| aonetheme | Service Finder SMS System |
Affected:
0 , ≤ 2.0.0
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-5954",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-01T19:07:55.251551Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-01T19:08:15.236Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Service Finder SMS System",
"vendor": "aonetheme",
"versions": [
{
"lessThanOrEqual": "2.0.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Friderika Baranyai"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Service Finder SMS System plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.0.0. This is due to the plugin not restricting user role selection at the time of registration through the aonesms_fn_savedata_after_signup() function. This makes it possible for unauthenticated attackers to register as an administrator user."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:52:42.864Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/520c1e8b-d0c1-4201-90bf-0cefab9af7e0?source=cve"
},
{
"url": "https://themeforest.net/item/service-finder-service-and-business-listing-wordpress-theme/15208793"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-07-31T13:51:29.000Z",
"value": "Disclosed"
}
],
"title": "Service Finder SMS System \u003c= 2.0.0 - Unauthenticated Privilege Escalation"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-5954",
"datePublished": "2025-08-01T02:24:17.625Z",
"dateReserved": "2025-06-09T19:15:04.212Z",
"dateUpdated": "2026-04-08T16:52:42.864Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation ID: MIT-1
Phases: Architecture and Design, Operation
Description:
- Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.
Mitigation ID: MIT-48
Phase: Architecture and Design
Strategy: Separation of Privilege
Description:
- Follow the principle of least privilege when assigning access rights to entities in a software system.
Mitigation ID: MIT-49
Phase: Architecture and Design
Strategy: Separation of Privilege
Description:
- Consider following the principle of separation of privilege. Require multiple conditions to be met before permitting access to a system resource.
CAPEC-122: Privilege Abuse
An adversary is able to exploit features of the target that should be reserved for privileged users or administrators but are exposed to use by lower or non-privileged accounts. Access to sensitive information and functionality must be controlled to ensure that only authorized users are able to access these resources.
CAPEC-233: Privilege Escalation
An adversary exploits a weakness enabling them to elevate their privilege and perform an action that they are not supposed to be authorized to perform.
CAPEC-58: Restful Privilege Elevation
An adversary identifies a Rest HTTP (Get, Put, Delete) style permission method allowing them to perform various malicious actions upon server data due to lack of access control mechanisms implemented within the application service accepting HTTP messages.