CWE-639
Authorization Bypass Through User-Controlled Key
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
CVE-2025-14459 (GCVE-0-2025-14459)
Vulnerability from cvelistv5 – Published: 2026-01-26 19:36 – Updated: 2026-01-26 21:01
Title
Virt-cdi-controller: unauthorized pvc cloning via dataimportcron
Summary
A flaw was found in KubeVirt Containerized Data Importer (CDI). This vulnerability allows a user to clone PersistentVolumeClaims (PVCs) from unauthorized namespaces, resulting in unauthorized access to data via the DataImportCron PVC source mechanism.
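The record gives the mechanism (a PVC source in a DataImportCron that points at a namespace the requester is not authorized for) but no workaround, so the practical check for an administrator is an inventory of every DataImportCron whose PVC source lives outside its own namespace. The audit below is an added example, not CDI project code. It assumes the DataImportCron field layout spec.template.spec.source.pvc.{name,namespace} and the list output of `kubectl get dataimportcron -A -o json`; the allowlist of "golden image" source namespaces and the sample manifests are my own constructions.

```python
"""Audit DataImportCron objects for cross-namespace PVC sources.

Added example, not KubeVirt/CDI project code. It assumes the DataImportCron
field layout spec.template.spec.source.pvc.{name,namespace} and reads the
output of `kubectl get dataimportcron -A -o json`. SAMPLE_CRONS below are
constructed manifests, not objects taken from a real cluster.
"""
import json
import sys
from typing import Dict, Iterable, List, Optional, Tuple

# (cron namespace, cron name, source PVC namespace, source PVC name)
Finding = Tuple[str, str, str, str]


def pvc_source(cron: Dict) -> Optional[Dict]:
    """Return the PVC source block of a DataImportCron, or None when the cron
    imports from a registry/HTTP source instead of cloning a PVC."""
    try:
        src = cron["spec"]["template"]["spec"]["source"]
    except (KeyError, TypeError):
        return None
    return src.get("pvc") if isinstance(src, dict) else None


def cross_namespace_sources(items: Iterable[Dict],
                            allowed_source_namespaces: Iterable[str] = ()) -> List[Finding]:
    """Flag every DataImportCron whose PVC source lives outside the cron's own
    namespace, unless the source namespace is allowlisted (e.g. a golden-image
    namespace that tenants are meant to clone from)."""
    allow = set(allowed_source_namespaces)
    findings: List[Finding] = []
    for cron in items:
        if cron.get("kind") != "DataImportCron":
            continue
        meta = cron.get("metadata") or {}
        cron_ns, cron_name = meta.get("namespace", ""), meta.get("name", "")
        pvc = pvc_source(cron)
        if not pvc:
            continue
        # An omitted source namespace resolves to the cron's own namespace.
        src_ns = pvc.get("namespace") or cron_ns
        if src_ns != cron_ns and src_ns not in allow:
            findings.append((cron_ns, cron_name, src_ns, pvc.get("name", "")))
    return findings


def make_cron(ns: str, name: str, source: Dict) -> Dict:
    """Build a minimal DataImportCron manifest around the given DataVolume source."""
    return {
        "apiVersion": "cdi.kubevirt.io/v1beta1",
        "kind": "DataImportCron",
        "metadata": {"namespace": ns, "name": name},
        "spec": {
            "managedDataSource": name,
            "schedule": "0 */12 * * *",
            "template": {"spec": {"source": source,
                                  "storage": {"resources": {"requests": {"storage": "10Gi"}}}}},
        },
    }


# Constructed sample inventory: one registry import, one clone from a shared
# golden-image namespace, one clone reaching into another tenant, one local clone.
SAMPLE_CRONS = [
    make_cron("golden-images", "fedora", {"registry": {"url": "docker://quay.io/example/fedora:latest"}}),
    make_cron("tenant-a", "base-from-golden", {"pvc": {"namespace": "golden-images", "name": "fedora-base"}}),
    make_cron("tenant-a", "suspicious-clone", {"pvc": {"namespace": "tenant-b", "name": "customer-db"}}),
    make_cron("tenant-b", "local-clone", {"pvc": {"namespace": "tenant-b", "name": "snapshot"}}),
]


def audit_sample(allowed: Iterable[str] = ("golden-images",)) -> List[Finding]:
    """Run the audit over the constructed sample with the golden-image namespace allowlisted."""
    return cross_namespace_sources(SAMPLE_CRONS, allowed)


if __name__ == "__main__":
    # Usage: kubectl get dataimportcron -A -o json | python3 audit_dic.py [allowed-ns ...]
    data = json.load(sys.stdin)
    items = data.get("items", [data])
    for cron_ns, cron_name, src_ns, src_pvc in cross_namespace_sources(items, sys.argv[1:]):
        print(f"{cron_ns}/{cron_name} clones {src_ns}/{src_pvc} from another namespace")
```

A finding is a review item, not proof of abuse: cross-namespace clones are a supported CDI feature when the requester holds clone rights on the source namespace, and the CWE-639 classification says only that the source namespace named in the cron is a user-controlled key that must be authorized rather than trusted. The actual fix is the update in RHSA-2026:0950 (virt-cdi-controller-rhel9 v4.19.17-7 and later, per the product list below); the record states no mitigation.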
Severity
8.5 (High)
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
redhat
References
3 references
| URL | Tags |
|---|---|
| https://access.redhat.com/errata/RHSA-2026:0950 | vendor-advisory, x_refsource_REDHAT |
| https://access.redhat.com/security/cve/CVE-2025-14459 | vdb-entry, x_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2420938 | issue-tracking, x_refsource_REDHAT |
Impacted products
55 products
All RHEL-9-CNV-4.19 rows share vendor Red Hat, CPE cpe:/a:redhat:container_native_virtualization:4.19::el9, version type rpm and default status "affected"; builds from the listed version onward are unaffected.

| Vendor | Product | Package | Unaffected from (rpm) |
|---|---|---|---|
| Red Hat | RHEL-9-CNV-4.19 | container-native-virtualization/aaq-controller-rhel9 | v4.19.17-5 |
| Red Hat | RHEL-9-CNV-4.19 | container-native-virtualization/aaq-operator-rhel9 | v4.19.17-5 |
| Red Hat | RHEL-9-CNV-4.19 | container-native-virtualization/aaq-server-rhel9 | v4.19.17-5 |
| Red Hat | RHEL-9-CNV-4.19 | container-native-virtualization/bridge-marker-rhel9 | v4.19.17-5 |
| Red Hat | RHEL-9-CNV-4.19 | container-native-virtualization/cluster-network-addons-operator-rhel9 | v4.19.17-5 |
| Red Hat | RHEL-9-CNV-4.19 | container-native-virtualization/cnv-containernetworking-plugins-rhel9 | v4.19.17-4 |
| Red Hat | RHEL-9-CNV-4.19 | container-native-virtualization/cnv-must-gather-rhel9 | v4.19.17-3 |
| Red Hat | RHEL-9-CNV-4.19 | container-native-virtualization/hco-bundle-registry-rhel9 | v4.19.17.rhel9-82 |
| Red Hat | RHEL-9-CNV-4.19 | container-native-virtualization/hostpath-csi-driver-rhel9 | v4.19.17-4 |
| Red Hat | RHEL-9-CNV-4.19 | container-native-virtualization/hostpath-provisioner-operator-rhel9 | v4.19.17-4 |
| Red Hat | RHEL-9-CNV-4.19 | container-native-virtualization/hostpath-provisioner-rhel9 | v4.19.17-4 |
| Red Hat | RHEL-9-CNV-4.19 | container-native-virtualization/hyperconverged-cluster-operator-rhel9 | v4.19.17-7 |
| Red Hat | RHEL-9-CNV-4.19 | container-native-virtualization/hyperconverged-cluster-webhook-rhel9 | v4.19.17-7 |
| Red Hat | RHEL-9-CNV-4.19 | container-native-virtualization/kubemacpool-rhel9 | v4.19.17-5 |
| Red Hat | RHEL-9-CNV-4.19 | container-native-virtualization/kubesecondarydns-rhel9 | v4.19.17-5 |
| Red Hat | RHEL-9-CNV-4.19 | container-native-virtualization/kubevirt-api-lifecycle-automation-rhel9 | v4.19.17-5 |
| Red Hat | RHEL-9-CNV-4.19 | container-native-virtualization/kubevirt-apiserver-proxy-rhel9 | v4.19.17-6 |
| Red Hat | RHEL-9-CNV-4.19 | container-native-virtualization/kubevirt-common-instancetypes-rhel9 | v4.19.17-5 |
| Red Hat | RHEL-9-CNV-4.19 | container-native-virtualization/kubevirt-console-plugin-rhel9 | v4.19.17-85 |
| Red Hat | RHEL-9-CNV-4.19 | container-native-virtualization/kubevirt-dpdk-checkup-rhel9 | v4.19.17-5 |
| Red Hat | RHEL-9-CNV-4.19 | container-native-virtualization/kubevirt-ipam-controller-rhel9 | v4.19.17-5 |
| Red Hat | RHEL-9-CNV-4.19 | container-native-virtualization/kubevirt-realtime-checkup-rhel9 | v4.19.17-5 |
| Red Hat | RHEL-9-CNV-4.19 | container-native-virtualization/kubevirt-ssp-operator-rhel9 | v4.19.17-9 |
| Red Hat | RHEL-9-CNV-4.19 | container-native-virtualization/kubevirt-storage-checkup-rhel9 | v4.19.17-5 |
| Red Hat | RHEL-9-CNV-4.19 | container-native-virtualization/kubevirt-tekton-tasks-create-datavolume-rhel9 | v4.19.17-5 |
| Red Hat | RHEL-9-CNV-4.19 | container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize-rhel9 | v4.19.17-11 |
| Red Hat | RHEL-9-CNV-4.19 | container-native-virtualization/kubevirt-template-validator-rhel9 | v4.19.17-5 |
| Red Hat | RHEL-9-CNV-4.19 | container-native-virtualization/libguestfs-tools-rhel9 | v4.19.17-9 |
| Red Hat | RHEL-9-CNV-4.19 | container-native-virtualization/multus-dynamic-networks-rhel9 | v4.19.17-5 |
| Red Hat | RHEL-9-CNV-4.19 | container-native-virtualization/ocp-virt-validation-checkup-rhel9 | v4.19.17-19 |
| Red Hat | RHEL-9-CNV-4.19 | container-native-virtualization/ovs-cni-plugin-rhel9 | v4.19.17-5 |
| Red Hat | RHEL-9-CNV-4.19 | container-native-virtualization/passt-network-binding-plugin-cni-rhel9 | v4.19.17-9 |
| Red Hat | RHEL-9-CNV-4.19 | container-native-virtualization/passt-network-binding-plugin-sidecar-rhel9 | v4.19.17-9 |
| Red Hat | RHEL-9-CNV-4.19 | container-native-virtualization/pr-helper-rhel9 | v4.19.17-9 |
| Red Hat | RHEL-9-CNV-4.19 | container-native-virtualization/sidecar-shim-rhel9 | v4.19.17-88 |
| Red Hat | RHEL-9-CNV-4.19 | container-native-virtualization/virt-api-rhel9 | v4.19.17-9 |
| Red Hat | RHEL-9-CNV-4.19 | container-native-virtualization/virt-artifacts-server-rhel9 | v4.19.17-8 |
| Red Hat | RHEL-9-CNV-4.19 | container-native-virtualization/virt-cdi-apiserver-rhel9 | v4.19.17-8 |
| Red Hat | RHEL-9-CNV-4.19 | container-native-virtualization/virt-cdi-cloner-rhel9 | v4.19.17-8 |
| Red Hat | RHEL-9-CNV-4.19 | container-native-virtualization/virt-cdi-controller-rhel9 | v4.19.17-7 |
| Red Hat | RHEL-9-CNV-4.19 | container-native-virtualization/virt-cdi-importer-rhel9 | v4.19.17-7 |
| Red Hat | RHEL-9-CNV-4.19 | container-native-virtualization/virt-cdi-operator-rhel9 | v4.19.17-7 |
| Red Hat | RHEL-9-CNV-4.19 | container-native-virtualization/virt-cdi-uploadproxy-rhel9 | v4.19.17-8 |
| Red Hat | RHEL-9-CNV-4.19 | container-native-virtualization/virt-cdi-uploadserver-rhel9 | v4.19.17-8 |
| Red Hat | RHEL-9-CNV-4.19 | container-native-virtualization/virt-controller-rhel9 | v4.19.17-9 |
| Red Hat | RHEL-9-CNV-4.19 | container-native-virtualization/virt-exportproxy-rhel9 | v4.19.17-9 |
| Red Hat | RHEL-9-CNV-4.19 | container-native-virtualization/virt-exportserver-rhel9 | v4.19.17-9 |
| Red Hat | RHEL-9-CNV-4.19 | container-native-virtualization/virt-handler-rhel9 | v4.19.17-9 |
| Red Hat | RHEL-9-CNV-4.19 | container-native-virtualization/virtio-win-rhel9 | v4.19.17-4 |
| Red Hat | RHEL-9-CNV-4.19 | container-native-virtualization/virt-launcher-rhel9 | v4.19.17-9 |
| Red Hat | RHEL-9-CNV-4.19 | container-native-virtualization/virt-operator-rhel9 | v4.19.17-12 |
| Red Hat | RHEL-9-CNV-4.19 | container-native-virtualization/vm-console-proxy-rhel9 | v4.19.17-5 |
| Red Hat | RHEL-9-CNV-4.19 | container-native-virtualization/vm-network-latency-checkup-rhel9 | v4.19.17-5 |
| Red Hat | RHEL-9-CNV-4.19 | container-native-virtualization/wasp-agent-rhel9 | v4.19.17-5 |
| Red Hat | Red Hat OpenShift Virtualization 4 | container-native-virtualization/virt-cdi-controller | not affected (default status unaffected; CPE cpe:/a:redhat:container_native_virtualization:4) |
Date Public
2026-01-08 10:10
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-14459",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-26T21:01:20.724005Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-26T21:01:36.393Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/aaq-controller-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/aaq-operator-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/aaq-server-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/bridge-marker-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/cluster-network-addons-operator-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/cnv-containernetworking-plugins-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/cnv-must-gather-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-3",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/hco-bundle-registry-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17.rhel9-82",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/hostpath-csi-driver-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/hostpath-provisioner-operator-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/hostpath-provisioner-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/hyperconverged-cluster-operator-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-7",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/hyperconverged-cluster-webhook-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-7",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/kubemacpool-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/kubesecondarydns-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/kubevirt-api-lifecycle-automation-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/kubevirt-apiserver-proxy-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/kubevirt-common-instancetypes-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/kubevirt-console-plugin-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-85",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/kubevirt-dpdk-checkup-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/kubevirt-ipam-controller-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/kubevirt-realtime-checkup-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/kubevirt-ssp-operator-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/kubevirt-storage-checkup-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/kubevirt-tekton-tasks-create-datavolume-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-11",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/kubevirt-template-validator-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/libguestfs-tools-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/multus-dynamic-networks-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/ocp-virt-validation-checkup-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-19",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/ovs-cni-plugin-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/passt-network-binding-plugin-cni-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/passt-network-binding-plugin-sidecar-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/pr-helper-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/sidecar-shim-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-88",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/virt-api-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/virt-artifacts-server-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/virt-cdi-apiserver-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/virt-cdi-cloner-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/virt-cdi-controller-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-7",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/virt-cdi-importer-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-7",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/virt-cdi-operator-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-7",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/virt-cdi-uploadproxy-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/virt-cdi-uploadserver-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/virt-controller-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/virt-exportproxy-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/virt-exportserver-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/virt-handler-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/virtio-win-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/virt-launcher-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/virt-operator-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-12",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/vm-console-proxy-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/vm-network-latency-checkup-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "container-native-virtualization/wasp-agent-rhel9",
"product": "RHEL-9-CNV-4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v4.19.17-5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4"
],
"defaultStatus": "unaffected",
"packageName": "container-native-virtualization/virt-cdi-controller",
"product": "Red Hat OpenShift Virtualization 4",
"vendor": "Red Hat"
}
],
"datePublic": "2026-01-08T10:10:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in KubeVirt Containerized Data Importer (CDI). This vulnerability allows a user to clone PersistentVolumeClaims (PVCs) from unauthorized namespaces, resulting in unauthorized access to data via the DataImportCron PVC source mechanism."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-26T19:36:29.709Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2026:0950",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:0950"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2025-14459"
},
{
"name": "RHBZ#2420938",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2420938"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-10T00:00:00.000Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-01-08T10:10:00.000Z",
"value": "Made public."
}
],
"title": "Virt-cdi-controller: unauthorized pvc cloning via dataimportcron",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-639: Authorization Bypass Through User-Controlled Key"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2025-14459",
"datePublished": "2026-01-26T19:36:29.709Z",
"dateReserved": "2025-12-10T15:18:02.606Z",
"dateUpdated": "2026-01-26T21:01:36.393Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-14594 (GCVE-0-2025-14594)
Vulnerability from cvelistv5 – Published: 2026-02-11 11:34 – Updated: 2026-02-11 15:17
VLAI
Title
Authorization Bypass Through User-Controlled Key in GitLab
Summary
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.11 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions, could have allowed an authenticated user to view certain pipeline values by querying the API.
Severity
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://gitlab.com/gitlab-org/gitlab/-/issues/583967 | issue-tracking, permissions-required |
| https://hackerone.com/reports/3457591 | technical-description, exploit, permissions-required |
| https://about.gitlab.com/releases/2026/02/10/patc… | |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-14594",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-11T15:17:08.503125Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-11T15:17:25.802Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "GitLab",
"repo": "git://git@gitlab.com:gitlab-org/gitlab.git",
"vendor": "GitLab",
"versions": [
{
"lessThan": "18.6.6",
"status": "affected",
"version": "17.11",
"versionType": "semver"
},
{
"lessThan": "18.7.4",
"status": "affected",
"version": "18.7",
"versionType": "semver"
},
{
"lessThan": "18.8.4",
"status": "affected",
"version": "18.8",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Thanks [sndd](https://hackerone.com/sndd) for reporting this vulnerability through our HackerOne bug bounty program"
}
],
"descriptions": [
{
"lang": "en",
"value": "GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.11 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to view certain pipeline values by querying the API."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639: Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-11T11:34:06.815Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"name": "GitLab Issue #583967",
"tags": [
"issue-tracking",
"permissions-required"
],
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/583967"
},
{
"name": "HackerOne Bug Bounty Report #3457591",
"tags": [
"technical-description",
"exploit",
"permissions-required"
],
"url": "https://hackerone.com/reports/3457591"
},
{
"url": "https://about.gitlab.com/releases/2026/02/10/patch-release-gitlab-18-8-4-released/"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to versions 18.6.6, 18.7.4, 18.8.4 or above."
}
],
"title": "Authorization Bypass Through User-Controlled Key in GitLab"
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2025-14594",
"datePublished": "2026-02-11T11:34:06.815Z",
"dateReserved": "2025-12-12T16:33:35.449Z",
"dateUpdated": "2026-02-11T15:17:25.802Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-1469 (GCVE-0-2025-1469)
Vulnerability from cvelistv5 – Published: 2025-07-21 08:35 – Updated: 2025-07-21 17:25
VLAI
Title
IDOR in Turtek Software's Eyotek
Summary
Authorization Bypass Through User-Controlled Key vulnerability in Turtek Software Eyotek allows Exploitation of Trusted Identifiers. This issue affects Eyotek: before 11.03.2025.
Severity
7.5 (High)
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.usom.gov.tr/bildirim/tr-25-0163 | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Turtek Software | Eyotek | Affected: 0 , < 11.03.2025 (custom) | |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1469",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-21T17:08:30.371565Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-21T17:25:16.332Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Eyotek",
"vendor": "Turtek Software",
"versions": [
{
"lessThan": "11.03.2025",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Sahnur Eren ALOGLU"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Authorization Bypass Through User-Controlled Key vulnerability in Turtek Software Eyotek allows Exploitation of Trusted Identifiers.\u003cp\u003eThis issue affects Eyotek: before 11.03.2025.\u003c/p\u003e"
}
],
"value": "Authorization Bypass Through User-Controlled Key vulnerability in Turtek Software Eyotek allows Exploitation of Trusted Identifiers.This issue affects Eyotek: before 11.03.2025."
}
],
"impacts": [
{
"capecId": "CAPEC-21",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-21 Exploitation of Trusted Identifiers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-21T08:35:00.914Z",
"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"shortName": "TR-CERT"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.usom.gov.tr/bildirim/tr-25-0163"
}
],
"source": {
"advisory": "TR-25-0163",
"defect": [
"TR-25-0163"
],
"discovery": "UNKNOWN"
},
"title": "IDOR in Turtek Software\u0027s Eyotek",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"assignerShortName": "TR-CERT",
"cveId": "CVE-2025-1469",
"datePublished": "2025-07-21T08:35:00.914Z",
"dateReserved": "2025-02-19T14:35:46.386Z",
"dateUpdated": "2025-07-21T17:25:16.332Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-14742 (GCVE-0-2025-14742)
Vulnerability from cvelistv5 – Published: 2026-02-25 09:26 – Updated: 2026-04-08 16:36
VLAI
Title
WP Recipe Maker <= 10.2.3 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure
Summary
The WP Recipe Maker plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'ajax_search_recipes' and 'ajax_get_recipe' functions in all versions up to, and including, 10.2.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve sensitive recipe information including draft, pending, and private recipes that they shouldn't be able to access.
Severity
4.3 (Medium)
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
6 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| brechtvds | WP Recipe Maker | Affected: 0 , ≤ 10.2.3 (semver) | |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-14742",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-25T16:33:34.211437Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-25T16:33:45.643Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WP Recipe Maker",
"vendor": "brechtvds",
"versions": [
{
"lessThanOrEqual": "10.2.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Abhinav Jaswal"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WP Recipe Maker plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the \u0027ajax_search_recipes\u0027 and \u0027ajax_get_recipe\u0027 functions in all versions up to, and including, 10.2.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve sensitive recipe information including draft, pending, and private recipes that they shouldn\u0027t be able to access."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:36:07.011Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/10c17e74-dced-483e-bcaf-00ff5b11059c?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp-recipe-maker/trunk/includes/public/class-wprm-recipe-manager.php#L47"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp-recipe-maker/trunk/includes/public/class-wprm-recipe-manager.php#L46"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp-recipe-maker/trunk/includes/public/class-wprm-recipe-manager.php#L161"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp-recipe-maker/trunk/includes/public/class-wprm-recipe-manager.php#L301"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3440361/wp-recipe-maker/trunk/includes/public/class-wprm-recipe-manager.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-15T19:25:38.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2026-02-24T21:09:18.000Z",
"value": "Disclosed"
}
],
"title": "WP Recipe Maker \u003c= 10.2.3 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-14742",
"datePublished": "2026-02-25T09:26:50.441Z",
"dateReserved": "2025-12-15T19:09:55.527Z",
"dateUpdated": "2026-04-08T16:36:07.011Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-14802 (GCVE-0-2025-14802)
Vulnerability from cvelistv5 – Published: 2026-01-07 07:17 – Updated: 2026-04-08 17:05
VLAI
Title
LearnPress – WordPress LMS Plugin <= 4.3.2.2 - Insecure Direct Object Reference to Authenticated (Instructor+) Teacher Material Deletion
Summary
The LearnPress – WordPress LMS Plugin for WordPress is vulnerable to unauthorized file deletion in versions up to, and including, 4.3.2.2 via the /wp-json/lp/v1/material/{file_id} REST API endpoint. This is due to a parameter mismatch between the DELETE operation and authorization check, where the endpoint uses file_id from the URL path but the permission callback validates item_id from the request body. This makes it possible for authenticated attackers, with teacher-level access, to delete arbitrary lesson material files uploaded by other teachers via sending a DELETE request with their own item_id (to pass authorization) while targeting another teacher's file_id.
Severity
5.4 (Medium)
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| thimpress | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | Affected: 0 , ≤ 4.3.2.1 (semver) | |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-14802",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-07T14:50:45.348178Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-07T16:13:20.829Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "LearnPress \u2013 WordPress LMS Plugin for Create and Sell Online Courses",
"vendor": "thimpress",
"versions": [
{
"lessThanOrEqual": "4.3.2.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Deniz Mert"
}
],
"descriptions": [
{
"lang": "en",
"value": "The LearnPress \u2013 WordPress LMS Plugin for WordPress is vulnerable to unauthorized file deletion in versions up to, and including, 4.3.2.2 via the /wp-json/lp/v1/material/{file_id} REST API endpoint. This is due to a parameter mismatch between the DELETE operation and authorization check, where the endpoint uses file_id from the URL path but the permission callback validates item_id from the request body. This makes it possible for authenticated attackers, with teacher-level access, to delete arbitrary lesson material files uploaded by other teachers via sending a DELETE request with their own item_id (to pass authorization) while targeting another teacher\u0027s file_id."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:05:15.500Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/884c4508-1ee1-4384-9fc2-29e2c9042426?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/learnpress/tags/4.3.2.1/inc/rest-api/v1/frontend/class-lp-rest-material-controller.php#L527"
},
{
"url": "https://plugins.trac.wordpress.org/browser/learnpress/tags/4.3.2.1/inc/rest-api/v1/frontend/class-lp-rest-material-controller.php#L405"
},
{
"url": "https://plugins.trac.wordpress.org/browser/learnpress/tags/4.3.2.1/inc/rest-api/v1/frontend/class-lp-rest-material-controller.php#L77"
},
{
"url": "https://plugins.trac.wordpress.org/browser/learnpress/tags/4.3.2.3/inc/rest-api/v1/frontend/class-lp-rest-material-controller.php#L403"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-16T21:05:46.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2026-01-06T18:42:00.000Z",
"value": "Disclosed"
}
],
"title": "LearnPress \u2013 WordPress LMS Plugin \u003c= 4.3.2.2 - Insecure Direct Object Reference to Authenticated (Instructor+) Teacher Material Deletion"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-14802",
"datePublished": "2026-01-07T07:17:33.170Z",
"dateReserved": "2025-12-16T20:58:27.037Z",
"dateUpdated": "2026-04-08T17:05:15.500Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-14844 (GCVE-0-2025-14844)
Vulnerability from cvelistv5 – Published: 2026-01-16 09:23 – Updated: 2026-04-08 16:35
VLAI
Title
Membership Plugin – Restrict Content <= 3.2.16 - Missing Authentication to Insecure Direct Object Reference and Sensitive Information Exposure
Summary
The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Missing Authentication in all versions up to, and including, 3.2.16 via the 'rcp_stripe_create_setup_intent_for_saved_card' function due to missing capability check. Additionally, the plugin does not check a user-controlled key, which makes it possible for unauthenticated attackers to leak Stripe SetupIntent client_secret values for any membership.
Severity
8.2 (High)
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
6 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| stellarwp | Membership Plugin – Restrict Content | Affected: 0 , ≤ 3.2.16 (semver) | |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-14844",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-16T12:48:39.518455Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-16T12:50:27.771Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Membership Plugin \u2013 Restrict Content",
"vendor": "stellarwp",
"versions": [
{
"lessThanOrEqual": "3.2.16",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "andrea bocchetti"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Membership Plugin \u2013 Restrict Content plugin for WordPress is vulnerable to Missing Authentication in all versions up to, and including, 3.2.16 via the \u0027rcp_stripe_create_setup_intent_for_saved_card\u0027 function due to missing capability check. Additionally, the plugin does not check a user-controlled key, which makes it possible for unauthenticated attackers to leak Stripe SetupIntent client_secret values for any membership."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:35:02.041Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0c28545d-c7cd-469f-bccf-90e8b52fd4e7?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/restrict-content/tags/3.2.16/core/includes/gateways/stripe/functions.php#L848"
},
{
"url": "https://plugins.trac.wordpress.org/browser/restrict-content/tags/3.2.16/core/includes/gateways/stripe/functions.php#L987"
},
{
"url": "https://docs.stripe.com/api/setup_intents/object"
},
{
"url": "https://cwe.mitre.org/data/definitions/639.html"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3438168/restrict-content/tags/3.2.17/core/includes/gateways/stripe/functions.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-17T18:50:59.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2026-01-15T20:39:14.000Z",
"value": "Disclosed"
}
],
"title": "Membership Plugin \u2013 Restrict Content \u003c= 3.2.16 - Missing Authentication to Insecure Direct Object Reference and Sensitive Information Exposure"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-14844",
"datePublished": "2026-01-16T09:23:46.932Z",
"dateReserved": "2025-12-17T18:34:48.898Z",
"dateUpdated": "2026-04-08T16:35:02.041Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-14881 (GCVE-0-2025-14881)
Vulnerability from cvelistv5 – Published: 2025-12-19 12:24 – Updated: 2025-12-19 12:58
VLAI
Title
Insecure direct object reference
Summary
Multiple API endpoints allowed access to sensitive files from other users by knowing the UUID of the file that were not intended to be accessible by UUID only.
Severity
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://pretix.eu/about/en/blog/20251218-release-… | vendor-advisory |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-14881",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-19T12:58:00.895498Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-19T12:58:15.508Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://pypi.org/",
"defaultStatus": "unaffected",
"packageName": "pretix",
"product": "pretix",
"repo": "https://github.com/pretix/pretix",
"vendor": "pretix",
"versions": [
{
"lessThan": "2025.8.0",
"status": "affected",
"version": "1.0.0",
"versionType": "python"
},
{
"changes": [
{
"at": "2025.8.3",
"status": "unaffected"
}
],
"lessThan": "2025.9.0",
"status": "affected",
"version": "2025.8.0",
"versionType": "python"
},
{
"changes": [
{
"at": "2025.9.3",
"status": "unaffected"
}
],
"lessThan": "2025.10.0",
"status": "affected",
"version": "2025.9.0",
"versionType": "python"
},
{
"changes": [
{
"at": "2025.10.1",
"status": "unaffected"
}
],
"lessThan": "2025.11.0",
"status": "affected",
"version": "2025.10.0",
"versionType": "python"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Deniz Parlak (https://github.com/DenizParlak)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Multiple API endpoints allowed access to sensitive files from other users by knowing the UUID of the file that were not intended to be accessible by UUID only."
}
],
"value": "Multiple API endpoints allowed access to sensitive files from other users by knowing the UUID of the file that were not intended to be accessible by UUID only."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 3.8,
"baseSeverity": "LOW",
"exploitMaturity": "UNREPORTED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:U",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-19T12:24:10.523Z",
"orgId": "655498c3-6ec5-4f0b-aea6-853b334d05a6",
"shortName": "rami.io"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://pretix.eu/about/en/blog/20251218-release-2025-10-1/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Insecure direct object reference",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "655498c3-6ec5-4f0b-aea6-853b334d05a6",
"assignerShortName": "rami.io",
"cveId": "CVE-2025-14881",
"datePublished": "2025-12-19T12:24:10.523Z",
"dateReserved": "2025-12-18T11:48:11.819Z",
"dateUpdated": "2025-12-19T12:58:15.508Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-14882 (GCVE-0-2025-14882)
Vulnerability from cvelistv5 – Published: 2025-12-19 12:24 – Updated: 2025-12-19 13:50
VLAI
Title
Insecure direct object reference
Summary
An API endpoint allowed access to sensitive files from other users by knowing the UUID of the file that were not intended to be accessible by UUID only.
Severity
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://pretix.eu/about/en/blog/20251218-release-… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| pretix | pretix-offlinesales | Affected: 1.12.0 , ≤ 1.12.1 (python) | |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-14882",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-19T13:50:11.991702Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-19T13:50:26.039Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://marketplace.pretix.eu/",
"defaultStatus": "unaffected",
"packageName": "pretix-offlinesales",
"product": "pretix-offlinesales",
"vendor": "pretix",
"versions": [
{
"lessThanOrEqual": "1.12.1",
"status": "affected",
"version": "1.12.0",
"versionType": "python"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An API endpoint allowed access to sensitive files from other users by knowing the UUID of the file that were not intended to be accessible by UUID only."
}
],
"value": "An API endpoint allowed access to sensitive files from other users by knowing the UUID of the file that were not intended to be accessible by UUID only."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 3.8,
"baseSeverity": "LOW",
"exploitMaturity": "UNREPORTED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:U",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-19T12:24:01.241Z",
"orgId": "655498c3-6ec5-4f0b-aea6-853b334d05a6",
"shortName": "rami.io"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://pretix.eu/about/en/blog/20251218-release-2025-10-1/"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Insecure direct object reference",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "655498c3-6ec5-4f0b-aea6-853b334d05a6",
"assignerShortName": "rami.io",
"cveId": "CVE-2025-14882",
"datePublished": "2025-12-19T12:24:01.241Z",
"dateReserved": "2025-12-18T11:52:58.280Z",
"dateUpdated": "2025-12-19T13:50:26.039Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-14974 (GCVE-0-2025-14974)
Vulnerability from cvelistv5 – Published: 2026-03-25 20:20 – Updated: 2026-03-28 01:45
VLAI
Title
IBM InfoSphere Information Server is vulnerable due to Insecure Direct Object Reference
Summary
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable due to Insecure Direct Object Reference (IDOR).
Severity
5.7 (Medium)
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7266723 | vendor-advisory, patch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | InfoSphere Information Server | Affected: 11.7.0.0 , ≤ 11.7.1.6 (semver) | cpe:2.3:a:ibm:infosphere_information_server:11.7.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:infosphere_information_server:11.7.1.6:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-14974",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-28T01:45:02.979931Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-28T01:45:31.435Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:infosphere_information_server:11.7.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:infosphere_information_server:11.7.1.6:*:*:*:*:*:*:*"
],
"product": "InfoSphere Information Server",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "11.7.1.6",
"status": "affected",
"version": "11.7.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable due to Insecure Direct Object Reference (IDOR).\u003c/p\u003e"
}
],
"value": "IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable due to Insecure Direct Object Reference (IDOR)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-25T20:20:27.484Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7266723"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eProduct\u003c/td\u003e\u003ctd\u003eVersion(s)\u003c/td\u003e\u003ctd\u003eAPAR\u003c/td\u003e\u003ctd\u003eRemediation\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM InfoSphere Information Server\u003c/td\u003e\u003ctd\u003e11.7.0.0 to 11.7.1.6\u003c/td\u003e\u003ctd\u003e\u003ca title=\"DT458648\" href=\"https://www.ibm.com/mysupport/s/defect/aCIgJ0000008daT/dt458648\" rel=\"nofollow\"\u003eDT458648\u003c/a\u003e\u003c/td\u003e\u003ctd\u003e--Apply IBM InfoSphere Information Server version\u0026nbsp;\u003ca href=\"https://www.ibm.com/support/pages/node/878310\" target=\"_blank\" rel=\"noopener noreferrer nofollow\"\u003e11.7.1.0\u003c/a\u003e\u0026nbsp;\u003cbr\u003e--Apply IBM InfoSphere Information Server version\u0026nbsp;\u003ca href=\"https://www.ibm.com/support/pages/node/7182872\" rel=\"nofollow\"\u003e11.7.1.6\u003c/a\u003e\u003cbr\u003e\u003cbr\u003e--Apply IBM InfoSphere Information Server\u0026nbsp;\u003ca href=\"https://www.ibm.com/support/pages/node/7260779\" rel=\"nofollow\"\u003e11.7.1.6 Service pack 2\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e"
}
],
"value": "ProductVersion(s)APARRemediationIBM InfoSphere Information Server11.7.0.0 to 11.7.1.6 DT458648 https://www.ibm.com/mysupport/s/defect/aCIgJ0000008daT/dt458648 --Apply IBM InfoSphere Information Server version\u00a0 11.7.1.0 https://www.ibm.com/support/pages/node/878310 \u00a0\n--Apply IBM InfoSphere Information Server version\u00a0 11.7.1.6 https://www.ibm.com/support/pages/node/7182872 \n\n--Apply IBM InfoSphere Information Server\u00a0 11.7.1.6 Service pack 2 https://www.ibm.com/support/pages/node/7260779"
}
],
"title": "IBM InfoSphere Information Server is vulnerable due to Insecure Direct Object Reference",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-14974",
"datePublished": "2026-03-25T20:20:27.484Z",
"dateReserved": "2025-12-19T15:09:58.873Z",
"dateUpdated": "2026-03-28T01:45:31.435Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-14996 (GCVE-0-2025-14996)
Vulnerability from cvelistv5 – Published: 2026-01-06 04:31 – Updated: 2026-04-08 16:33
VLAI
Title
AS Password Field In Default Registration Form <= 2.0.0 - Unauthenticated Privilege Escalation via Account Takeover
Summary
The AS Password Field In Default Registration Form plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.0.0. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account.
Severity
9.8 (Critical)
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | CPE |
|---|---|---|---|
| aksharsoftsolutions | AS Password Field In Default Registration Form | Affected: 0 , ≤ 2.0.0 (semver) | |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-14996",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-06T14:39:41.134842Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-06T14:40:55.821Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AS Password Field In Default Registration Form",
"vendor": "aksharsoftsolutions",
"versions": [
{
"lessThanOrEqual": "2.0.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Drew Webber"
}
],
"descriptions": [
{
"lang": "en",
"value": "The AS Password Field In Default Registration Form plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.0.0. This is due to the plugin not properly validating a user\u0027s identity prior to updating their password. This makes it possible for unauthenticated attackers to change arbitrary user\u0027s passwords, including administrators, and leverage that to gain access to their account."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:33:37.050Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/061f022b-b922-4499-bb34-8ea91ba5ace3?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/as-password-field-in-default-registration-form/tags/2.0.0/as-password-field-default-registration.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-01-05T16:08:45.000Z",
"value": "Disclosed"
}
],
"title": "AS Password Field In Default Registration Form \u003c= 2.0.0 - Unauthenticated Privilege Escalation via Account Takeover"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-14996",
"datePublished": "2026-01-06T04:31:54.884Z",
"dateReserved": "2025-12-20T12:33:41.264Z",
"dateUpdated": "2026-04-08T16:33:37.050Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation
Phase: Architecture and Design
Description:
- For each and every data access, ensure that the user has sufficient privilege to access the record that is being requested.
Mitigation
Phases: Architecture and Design, Implementation
Description:
- Make sure that the key that is used in the lookup of a specific user's record is not controllable externally by the user or that any tampering can be detected.
Mitigation
Phase: Architecture and Design
Description:
- Use encryption in order to make it more difficult to guess other legitimate values of the key or associate a digital signature with the key so that the server can verify that there has been no tampering.
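The three mitigations above combined in one server-side lookup, as an added example that is not part of the CWE entry or of any product listed on this page: the record key handed to the client carries an HMAC so tampering is detected, and the caller's ownership of the record is checked on every access. The server key, the record store and the user names are constructed for the demo.

```python
import hmac
import hashlib
from typing import Optional

# Constructed server-side secret for the demo; a real deployment loads it from a secrets store.
SERVER_KEY = b"example-server-key-do-not-reuse"

# Constructed record store (assumption for the demo): record id -> (owner, payload).
RECORDS = {
    1001: ("alice", "alice's profile"),
    1002: ("bob", "bob's profile"),
}


def sign_key(record_id: int) -> str:
    """Return the opaque reference '<id>.<hmac>' that the client receives instead of a bare id."""
    mac = hmac.new(SERVER_KEY, str(record_id).encode(), hashlib.sha256).hexdigest()
    return f"{record_id}.{mac}"


def verify_key(token: str) -> Optional[int]:
    """Recompute the MAC over the id part; return the id only if the token is untampered."""
    try:
        rid_str, mac = token.rsplit(".", 1)
        rid = int(rid_str)
    except ValueError:
        return None  # malformed reference (no separator or non-numeric id)
    expected = hmac.new(SERVER_KEY, rid_str.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison so a forged MAC cannot be refined byte by byte.
    if not hmac.compare_digest(mac, expected):
        return None
    return rid


def fetch_record(current_user: str, token: str) -> Optional[str]:
    """Mitigations together: the reference must verify AND the caller must own the record."""
    rid = verify_key(token)
    if rid is None:
        return None  # tampered or malformed reference
    owner, payload = RECORDS.get(rid, (None, None))
    if owner != current_user:
        return None  # well-formed reference, but not this user's record
    return payload
```

A swapped id with the old MAC fails `verify_key`, and a correctly signed reference to another user's record still fails the ownership check.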
No CAPEC attack patterns related to this CWE.