CWE-639
Authorization Bypass Through User-Controlled Key
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
CVE-2025-24850 (GCVE-0-2025-24850)
Vulnerability from cvelistv5 – Published: 2025-04-15 21:33 – Updated: 2025-04-16 14:42
VLAI
Title
Growatt Cloud portal Authorization Bypass Through User-Controlled Key
Summary
An attacker can export other users' plant information.
Severity
5.3 (Medium)
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Growatt | Cloud portal |
Affected:
0 , < 3.6.0
(custom)
|
Date Public
2025-04-15 16:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-24850",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T14:21:37.465638Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T14:42:11.964Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Cloud portal",
"vendor": "Growatt",
"versions": [
{
"lessThan": "3.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Forescout Technologies reported these vulnerabilities to CISA."
}
],
"datePublic": "2025-04-15T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn attacker can export other users\u0027 plant information.\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "An attacker can export other users\u0027 plant information."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T21:33:05.892Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-04"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eGrowatt reports the cloud-based vulnerabilities were patched and no user action is needed. Additionally, Growatt strongly recommends that their users take proactive steps in securing their devices and take the following actions:\u003c/p\u003e\u003cul\u003e\u003cli\u003eUpdate all devices to the latest firmware version when available. (Updates are automatic, no user action needed.)\u003c/li\u003e\u003cli\u003eUse strong passwords and enable multi-factor authentication where applicable.\u003c/li\u003e\u003cli\u003eReport any security concerns to \u003ca target=\"_blank\" rel=\"nofollow\"\u003eService@Growatt.com\u003c/a\u003e.\u003c/li\u003e\u003cli\u003eStay vigilant. Users and installers should regularly review security settings, follow best practices, and report any unusual activity.\u003c/li\u003e\u003c/ul\u003e\n\n\u003cbr\u003e"
}
],
"value": "Growatt reports the cloud-based vulnerabilities were patched and no user action is needed. Additionally, Growatt strongly recommends that their users take proactive steps in securing their devices and take the following actions:\n\n * Update all devices to the latest firmware version when available. (Updates are automatic, no user action needed.)\n * Use strong passwords and enable multi-factor authentication where applicable.\n * Report any security concerns to Service@Growatt.com.\n * Stay vigilant. Users and installers should regularly review security settings, follow best practices, and report any unusual activity."
}
],
"source": {
"advisory": "ICSA-25-105-04",
"discovery": "EXTERNAL"
},
"title": "Growatt Cloud portal Authorization Bypass Through User-Controlled Key",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-24850",
"datePublished": "2025-04-15T21:33:05.892Z",
"dateReserved": "2025-04-01T17:32:00.649Z",
"dateUpdated": "2025-04-16T14:42:11.964Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-24969 (GCVE-0-2025-24969)
Vulnerability from cvelistv5 – Published: 2025-05-14 15:11 – Updated: 2025-05-14 15:45
VLAI
Title
iTop portal user can see any other contact's picture
Summary
iTop is an web based IT Service Management tool. Prior to version 3.2.1, a portal user can see any other contacts picture by changing the picture ID in the URL. Version 3.2.1 contains a patch for the issue.
Severity
5 (Medium)
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/Combodo/iTop/security/advisori… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-24969",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-14T15:45:46.450095Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-14T15:45:51.476Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "iTop",
"vendor": "Combodo",
"versions": [
{
"status": "affected",
"version": "\u003c 3.2.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "iTop is an web based IT Service Management tool. Prior to version 3.2.1, a portal user can see any other contacts picture by changing the picture ID in the URL. Version 3.2.1 contains a patch for the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639: Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-14T15:11:59.541Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/Combodo/iTop/security/advisories/GHSA-52p7-7f8f-j7pc",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Combodo/iTop/security/advisories/GHSA-52p7-7f8f-j7pc"
}
],
"source": {
"advisory": "GHSA-52p7-7f8f-j7pc",
"discovery": "UNKNOWN"
},
"title": "iTop portal user can see any other contact\u0027s picture"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-24969",
"datePublished": "2025-05-14T15:11:45.247Z",
"dateReserved": "2025-01-29T15:18:03.209Z",
"dateUpdated": "2025-05-14T15:45:51.476Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-24976 (GCVE-0-2025-24976)
Vulnerability from cvelistv5 – Published: 2025-02-11 15:48 – Updated: 2026-01-23 17:04
VLAI
Title
Distribution's token authentication allows attacker to inject an untrusted signing key in a JWT
Summary
Distribution is a toolkit to pack, ship, store, and deliver container content. Systems running registry versions 3.0.0-beta.1 through 3.0.0-rc.2 with token authentication enabled may be vulnerable to an issue in which token authentication allows an attacker to inject an untrusted signing key in a JSON web token (JWT). The issue lies in how the JSON web key (JWK) verification is performed. When a JWT contains a JWK header without a certificate chain, the code only checks if the KeyID (`kid`) matches one of the trusted keys, but doesn't verify that the actual key material matches. A fix for the issue is available at commit 5ea9aa028db65ca5665f6af2c20ecf9dc34e5fcd and expected to be a part of version 3.0.0-rc.3. There is no way to work around this issue without patching if the system requires token authentication.
Severity
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/distribution/distribution/secu… | x_refsource_CONFIRM |
| https://github.com/distribution/distribution/comm… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| distribution | distribution |
Affected:
>= 3.0.0-beta.1, <= 3.0.0-rc.2
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-24976",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-11T16:00:59.994996Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T20:51:44.516Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "distribution",
"vendor": "distribution",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.0.0-beta.1, \u003c= 3.0.0-rc.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Distribution is a toolkit to pack, ship, store, and deliver container content. Systems running registry versions 3.0.0-beta.1 through 3.0.0-rc.2 with token authentication enabled may be vulnerable to an issue in which token authentication allows an attacker to inject an untrusted signing key in a JSON web token (JWT). The issue lies in how the JSON web key (JWK) verification is performed. When a JWT contains a JWK header without a certificate chain, the code only checks if the KeyID (`kid`) matches one of the trusted keys, but doesn\u0027t verify that the actual key material matches. A fix for the issue is available at commit 5ea9aa028db65ca5665f6af2c20ecf9dc34e5fcd and expected to be a part of version 3.0.0-rc.3. There is no way to work around this issue without patching if the system requires token authentication."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639: Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-23T17:04:22.154Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/distribution/distribution/security/advisories/GHSA-phw4-mc57-4hwc",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/distribution/distribution/security/advisories/GHSA-phw4-mc57-4hwc"
},
{
"name": "https://github.com/distribution/distribution/commit/f4a500caf68169dccb0b54cb90523e68ee1ac2be",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/distribution/distribution/commit/f4a500caf68169dccb0b54cb90523e68ee1ac2be"
}
],
"source": {
"advisory": "GHSA-phw4-mc57-4hwc",
"discovery": "UNKNOWN"
},
"title": "Distribution\u0027s token authentication allows attacker to inject an untrusted signing key in a JWT"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-24976",
"datePublished": "2025-02-11T15:48:59.700Z",
"dateReserved": "2025-01-29T15:18:03.211Z",
"dateUpdated": "2026-01-23T17:04:22.154Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-2526 (GCVE-0-2025-2526)
Vulnerability from cvelistv5 – Published: 2025-04-08 01:44 – Updated: 2026-04-08 16:33
VLAI
Title
Streamit <= 4.0.2 - Authenticated (Subscriber+) Privilege Escalation via User Email Change/Account Takeover
Summary
The Streamit theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.0.2. This is due to the plugin not properly validating a user's identity prior to updating their details like email in the 'st_Authentication_Controller::edit_profile' function. This makes it possible for unauthenticated attackers to change arbitrary user's email addresses, including administrators, and leverage that to reset the user's password and gain access to their account.
Severity
8.8 (High)
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| iqonicdesign | Streamit |
Affected:
0 , ≤ 4.0.2
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2526",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-08T14:20:16.693730Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-08T14:20:25.376Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Streamit",
"vendor": "iqonicdesign",
"versions": [
{
"lessThanOrEqual": "4.0.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Istv\u00e1n M\u00e1rton"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Streamit theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.0.2. This is due to the plugin not properly validating a user\u0027s identity prior to updating their details like email in the \u0027st_Authentication_Controller::edit_profile\u0027 function. This makes it possible for unauthenticated attackers to change arbitrary user\u0027s email addresses, including administrators, and leverage that to reset the user\u0027s password and gain access to their account."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:33:23.214Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/057abffb-1c52-49ca-8791-ca44f0c5a011?source=cve"
},
{
"url": "https://themeforest.net/item/streamit-video-streaming-wordpress-theme/29772881"
},
{
"url": "https://documentation.iqonic.design/streamit/change-log/streamit-v4-0/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-03-19T00:00:00.000Z",
"value": "Discovered"
},
{
"lang": "en",
"time": "2025-03-19T00:00:00.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-04-07T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "Streamit \u003c= 4.0.2 - Authenticated (Subscriber+) Privilege Escalation via User Email Change/Account Takeover"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-2526",
"datePublished": "2025-04-08T01:44:20.971Z",
"dateReserved": "2025-03-19T14:18:20.562Z",
"dateUpdated": "2026-04-08T16:33:23.214Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-25276 (GCVE-0-2025-25276)
Vulnerability from cvelistv5 – Published: 2025-04-15 21:25 – Updated: 2025-04-16 15:08
VLAI
Title
Growatt Cloud portal Authorization Bypass Through User-Controlled Key
Summary
An unauthenticated attacker can hijack other users' devices and potentially control them.
Severity
5.3 (Medium)
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Growatt | Cloud portal |
Affected:
0 , < 3.6.0
(custom)
|
Date Public
2025-04-15 16:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-25276",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T14:59:16.145734Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T15:08:00.599Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Cloud portal",
"vendor": "Growatt",
"versions": [
{
"lessThan": "3.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Forescout Technologies reported these vulnerabilities to CISA."
}
],
"datePublic": "2025-04-15T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn unauthenticated attacker can hijack other users\u0027 devices and potentially control them.\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "An unauthenticated attacker can hijack other users\u0027 devices and potentially control them."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T21:25:26.240Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-04"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eGrowatt reports the cloud-based vulnerabilities were patched and no user action is needed. Additionally, Growatt strongly recommends that their users take proactive steps in securing their devices and take the following actions:\u003c/p\u003e\u003cul\u003e\u003cli\u003eUpdate all devices to the latest firmware version when available. (Updates are automatic, no user action needed.)\u003c/li\u003e\u003cli\u003eUse strong passwords and enable multi-factor authentication where applicable.\u003c/li\u003e\u003cli\u003eReport any security concerns to \u003ca target=\"_blank\" rel=\"nofollow\"\u003eService@Growatt.com\u003c/a\u003e.\u003c/li\u003e\u003cli\u003eStay vigilant. Users and installers should regularly review security settings, follow best practices, and report any unusual activity.\u003c/li\u003e\u003c/ul\u003e\n\n\u003cbr\u003e"
}
],
"value": "Growatt reports the cloud-based vulnerabilities were patched and no user action is needed. Additionally, Growatt strongly recommends that their users take proactive steps in securing their devices and take the following actions:\n\n * Update all devices to the latest firmware version when available. (Updates are automatic, no user action needed.)\n * Use strong passwords and enable multi-factor authentication where applicable.\n * Report any security concerns to Service@Growatt.com.\n * Stay vigilant. Users and installers should regularly review security settings, follow best practices, and report any unusual activity."
}
],
"source": {
"advisory": "ICSA-25-105-04",
"discovery": "EXTERNAL"
},
"title": "Growatt Cloud portal Authorization Bypass Through User-Controlled Key",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-25276",
"datePublished": "2025-04-15T21:25:26.240Z",
"dateReserved": "2025-04-01T17:32:00.668Z",
"dateUpdated": "2025-04-16T15:08:00.599Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-25282 (GCVE-0-2025-25282)
Vulnerability from cvelistv5 – Published: 2025-02-21 21:04 – Updated: 2025-02-24 14:49
VLAI
Title
Potential Insecure Direct Object Reference (IDOR) vulnerability in ragflow
Summary
RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine based on deep document understanding. An authenticated user can exploit the Insecure Direct Object Reference (IDOR) vulnerability that may lead to unauthorized cross-tenant access (list tenant user accounts, add user account into other tenant). Unauthorized cross-tenant access: list user from other tenant (e.g., via GET /<tenant_id>/user/list), add user account to other tenant (POST /<tenant_id>/user). This issue has not yet been patched. Users are advised to reach out to the project maintainers to coordinate a fix.
Severity
8.1 (High)
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/infiniflow/ragflow/security/ad… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| infiniflow | ragflow |
Affected:
<= 0.13.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-25282",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-24T14:48:50.791828Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-24T14:49:12.014Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/infiniflow/ragflow/security/advisories/GHSA-wc5v-g79p-7hch"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ragflow",
"vendor": "infiniflow",
"versions": [
{
"status": "affected",
"version": "\u003c= 0.13.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine based on deep document understanding. An authenticated user can exploit the Insecure Direct Object Reference (IDOR) vulnerability that may lead to unauthorized cross-tenant access (list tenant user accounts, add user account into other tenant). Unauthorized cross-tenant access: list user from other tenant (e.g., via GET /\u003ctenant_id\u003e/user/list), add user account to other tenant (POST /\u003ctenant_id\u003e/user). This issue has not yet been patched. Users are advised to reach out to the project maintainers to coordinate a fix."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639: Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-21T21:04:46.348Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/infiniflow/ragflow/security/advisories/GHSA-wc5v-g79p-7hch",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/infiniflow/ragflow/security/advisories/GHSA-wc5v-g79p-7hch"
}
],
"source": {
"advisory": "GHSA-wc5v-g79p-7hch",
"discovery": "UNKNOWN"
},
"title": "Potential Insecure Direct Object Reference (IDOR) vulnerability in ragflow"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-25282",
"datePublished": "2025-02-21T21:04:34.731Z",
"dateReserved": "2025-02-06T17:13:33.121Z",
"dateUpdated": "2025-02-24T14:49:12.014Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-26660 (GCVE-0-2025-26660)
Vulnerability from cvelistv5 – Published: 2025-03-11 00:36 – Updated: 2025-03-11 14:13
VLAI
Title
Broken Access Control in SAP Fiori apps (Posting Library)
Summary
SAP Fiori applications using the posting library fail to properly configure security settings during the setup process, leaving them at default or inadequately defined. This vulnerability allows an attacker with low privileges to bypass access controls within the application, enabling them to potentially modify data. Confidentiality and Availability are not impacted.
Severity
4.3 (Medium)
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SAP_SE | SAP Fiori apps (Posting Library) |
Affected:
S4CORE 103
Affected: 104 Affected: 105 Affected: 106 Affected: 107 Affected: 108 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-26660",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-11T14:13:51.312177Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T14:13:59.512Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SAP Fiori apps (Posting Library)",
"vendor": "SAP_SE",
"versions": [
{
"status": "affected",
"version": "S4CORE 103"
},
{
"status": "affected",
"version": "104"
},
{
"status": "affected",
"version": "105"
},
{
"status": "affected",
"version": "106"
},
{
"status": "affected",
"version": "107"
},
{
"status": "affected",
"version": "108"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSAP Fiori applications using the posting library fail to properly configure security settings during the setup process, leaving them at default or inadequately defined. This vulnerability allows an attacker with low privileges to bypass access controls within the application, enabling them to potentially modify data. Confidentiality and Availability are not impacted.\u003c/p\u003e"
}
],
"value": "SAP Fiori applications using the posting library fail to properly configure security settings during the setup process, leaving them at default or inadequately defined. This vulnerability allows an attacker with low privileges to bypass access controls within the application, enabling them to potentially modify data. Confidentiality and Availability are not impacted."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639: Authorization Bypass Through User-Controlled Key",
"lang": "eng",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T00:36:54.383Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"url": "https://me.sap.com/notes/3557655"
},
{
"url": "https://url.sap/sapsecuritypatchday"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Broken Access Control in SAP Fiori apps (Posting Library)",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2025-26660",
"datePublished": "2025-03-11T00:36:54.383Z",
"dateReserved": "2025-02-12T21:05:31.735Z",
"dateUpdated": "2025-03-11T14:13:59.512Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-26788 (GCVE-0-2025-26788)
Vulnerability from cvelistv5 – Published: 2025-02-14 00:00 – Updated: 2025-02-15 18:30
VLAI
Summary
StrongKey FIDO Server before 4.15.1 treats a non-discoverable (namedcredential) flow as a discoverable transaction.
Severity
8.4 (High)
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| StrongKey | FIDO Server |
Affected:
4.10.0 , < 4.15.1
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-26788",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-14T15:38:31.565848Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-14T15:38:41.529Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "FIDO Server",
"vendor": "StrongKey",
"versions": [
{
"lessThan": "4.15.1",
"status": "affected",
"version": "4.10.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "StrongKey FIDO Server before 4.15.1 treats a non-discoverable (namedcredential) flow as a discoverable transaction."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-15T18:30:13.176Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://docs.strongkey.com/index.php/skfs-v3/skfs-release-notes"
},
{
"url": "https://www.securing.pl/en/cve-2025-26788-passkey-authentication-bypass-in-strongkey-fido-server/"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-26788",
"datePublished": "2025-02-14T00:00:00.000Z",
"dateReserved": "2025-02-14T00:00:00.000Z",
"dateUpdated": "2025-02-15T18:30:13.176Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-26857 (GCVE-0-2025-26857)
Vulnerability from cvelistv5 – Published: 2025-04-15 21:12 – Updated: 2025-04-16 15:08
VLAI
Title
Growatt Cloud portal Authorization Bypass Through User-Controlled Key
Summary
Unauthenticated attackers can rename arbitrary devices of arbitrary users (i.e., EV chargers).
Severity
5.3 (Medium)
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Growatt | Cloud portal |
Affected:
0 , < 3.6.0
(custom)
|
Date Public
2025-04-15 16:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-26857",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T14:59:36.663761Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T15:08:48.134Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Cloud portal",
"vendor": "Growatt",
"versions": [
{
"lessThan": "3.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Forescout Technologies reported these vulnerabilities to CISA."
}
],
"datePublic": "2025-04-15T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUnauthenticated attackers can rename arbitrary devices of arbitrary users (i.e., EV chargers).\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "Unauthenticated attackers can rename arbitrary devices of arbitrary users (i.e., EV chargers)."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T21:12:13.452Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-04"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eGrowatt reports the cloud-based vulnerabilities were patched and no user action is needed. Additionally, Growatt strongly recommends that their users take proactive steps in securing their devices and take the following actions:\u003c/p\u003e\u003cul\u003e\u003cli\u003eUpdate all devices to the latest firmware version when available. (Updates are automatic, no user action needed.)\u003c/li\u003e\u003cli\u003eUse strong passwords and enable multi-factor authentication where applicable.\u003c/li\u003e\u003cli\u003eReport any security concerns to \u003ca target=\"_blank\" rel=\"nofollow\"\u003eService@Growatt.com\u003c/a\u003e.\u003c/li\u003e\u003cli\u003eStay vigilant. Users and installers should regularly review security settings, follow best practices, and report any unusual activity.\u003c/li\u003e\u003c/ul\u003e\n\n\u003cbr\u003e"
}
],
"value": "Growatt reports the cloud-based vulnerabilities were patched and no user action is needed. Additionally, Growatt strongly recommends that their users take proactive steps in securing their devices and take the following actions:\n\n * Update all devices to the latest firmware version when available. (Updates are automatic, no user action needed.)\n * Use strong passwords and enable multi-factor authentication where applicable.\n * Report any security concerns to Service@Growatt.com.\n * Stay vigilant. Users and installers should regularly review security settings, follow best practices, and report any unusual activity."
}
],
"source": {
"advisory": "ICSA-25-105-04",
"discovery": "EXTERNAL"
},
"title": "Growatt Cloud portal Authorization Bypass Through User-Controlled Key",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-26857",
"datePublished": "2025-04-15T21:12:13.452Z",
"dateReserved": "2025-04-01T17:32:00.724Z",
"dateUpdated": "2025-04-16T15:08:48.134Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-26965 (GCVE-0-2025-26965)
Vulnerability from cvelistv5 – Published: 2025-02-25 14:17 – Updated: 2026-04-29 09:51
VLAI
Title
WordPress Amelia plugin <= 1.2.16 - Insecure Direct Object References (IDOR) vulnerability
Summary
Authorization Bypass Through User-Controlled Key vulnerability in ameliabooking Amelia ameliabooking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Amelia: from n/a through <= 1.2.16.
Severity
5.3 (Medium)
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/Wordpress/Plugin/… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ameliabooking | Amelia |
Affected:
0 , ≤ 1.2.16
(custom)
|
Date Public
2026-04-01 16:35
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-26965",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-25T14:54:46.435459Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-25T14:55:09.668Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "ameliabooking",
"product": "Amelia",
"vendor": "ameliabooking",
"versions": [
{
"changes": [
{
"at": "1.2.17",
"status": "unaffected"
}
],
"lessThanOrEqual": "1.2.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Revan Arifio | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:35:28.332Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Authorization Bypass Through User-Controlled Key vulnerability in ameliabooking Amelia ameliabooking allows Exploiting Incorrectly Configured Access Control Security Levels.\u003cp\u003eThis issue affects Amelia: from n/a through \u003c= 1.2.16.\u003c/p\u003e"
}
],
"value": "Authorization Bypass Through User-Controlled Key vulnerability in ameliabooking Amelia ameliabooking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Amelia: from n/a through \u003c= 1.2.16."
}
],
"impacts": [
{
"capecId": "CAPEC-180",
"descriptions": [
{
"lang": "en",
"value": "Exploiting Incorrectly Configured Access Control Security Levels"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-29T09:51:54.733Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/ameliabooking/vulnerability/wordpress-amelia-plugin-1-2-16-insecure-direct-object-references-idor-vulnerability?_s_id=cve"
}
],
"title": "WordPress Amelia plugin \u003c= 1.2.16 - Insecure Direct Object References (IDOR) vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-26965",
"datePublished": "2025-02-25T14:17:57.642Z",
"dateReserved": "2025-02-17T11:51:33.746Z",
"dateUpdated": "2026-04-29T09:51:54.733Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation
Phase: Architecture and Design
Description:
- For each and every data access, ensure that the user has sufficient privilege to access the record that is being requested.
Mitigation
Phases: Architecture and Design, Implementation
Description:
- Make sure that the key that is used in the lookup of a specific user's record is not controllable externally by the user or that any tampering can be detected.
Mitigation
Phase: Architecture and Design
Description:
- Use encryption in order to make it more difficult to guess other legitimate values of the key or associate a digital signature with the key so that the server can verify that there has been no tampering.
No CAPEC attack patterns related to this CWE.