CWE-863
Incorrect Authorization
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
CVE-2025-3475 (GCVE-0-2025-3475)
Vulnerability from cvelistv5 – Published: 2025-04-09 17:46 – Updated: 2025-04-09 18:36
VLAI
Title
WEB-T - Moderately critical - Access bypass, Denial of service - SA-CONTRIB-2025-030
Summary
Allocation of Resources Without Limits or Throttling, Incorrect Authorization vulnerability in Drupal WEB-T allows Excessive Allocation, Content Spoofing.This issue affects WEB-T: from 0.0.0 before 1.1.0.
Severity
6.5 (Medium)
CWE
Assigner
References
1 reference
Date Public
2025-04-09 17:04
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-3475",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-09T18:34:14.161994Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T18:36:41.734Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://www.drupal.org/project/webt",
"defaultStatus": "unaffected",
"product": "WEB-T",
"repo": "https://git.drupalcode.org/project/webt",
"vendor": "Drupal",
"versions": [
{
"lessThan": "1.1.0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jan Kellermann (jan kellermann)"
},
{
"lang": "en",
"type": "remediation developer",
"value": "dragels"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Jan Kellermann (jan kellermann)"
},
{
"lang": "en",
"type": "coordinator",
"value": "Greg Knaddison (greggles)"
},
{
"lang": "en",
"type": "coordinator",
"value": "Juraj Nemec (poker10)"
}
],
"datePublic": "2025-04-09T17:04:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Allocation of Resources Without Limits or Throttling, Incorrect Authorization vulnerability in Drupal WEB-T allows Excessive Allocation, Content Spoofing.\u003cp\u003eThis issue affects WEB-T: from 0.0.0 before 1.1.0.\u003c/p\u003e"
}
],
"value": "Allocation of Resources Without Limits or Throttling, Incorrect Authorization vulnerability in Drupal WEB-T allows Excessive Allocation, Content Spoofing.This issue affects WEB-T: from 0.0.0 before 1.1.0."
}
],
"impacts": [
{
"capecId": "CAPEC-130",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-130 Excessive Allocation"
}
]
},
{
"capecId": "CAPEC-148",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-148 Content Spoofing"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T17:46:55.726Z",
"orgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
"shortName": "drupal"
},
"references": [
{
"url": "https://www.drupal.org/sa-contrib-2025-030"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "WEB-T - Moderately critical - Access bypass, Denial of service - SA-CONTRIB-2025-030",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
"assignerShortName": "drupal",
"cveId": "CVE-2025-3475",
"datePublished": "2025-04-09T17:46:55.726Z",
"dateReserved": "2025-04-09T16:30:42.269Z",
"dateUpdated": "2025-04-09T18:36:41.734Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-3476 (GCVE-0-2025-3476)
Vulnerability from cvelistv5 – Published: 2025-05-07 18:42 – Updated: 2025-05-07 19:59
VLAI
Summary
Incorrect Authorization vulnerability in OpenText™ Operations Bridge Manager. The vulnerability could allows privilege escalation by authenticated users.This issue affects Operations Bridge Manager: 2023.05, 23.4, 24.2, 24.4.
Severity
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| OpenText™ | Operations Bridge Manager |
Affected:
2023.05
Affected: 23.4 Affected: 24.2 Affected: 24.4 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3476",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-07T19:58:59.725318Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-07T19:59:12.034Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Operations Bridge Manager",
"vendor": "OpenText\u2122",
"versions": [
{
"status": "affected",
"version": "2023.05"
},
{
"status": "affected",
"version": "23.4"
},
{
"status": "affected",
"version": "24.2"
},
{
"status": "affected",
"version": "24.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Incorrect Authorization vulnerability in OpenText\u2122 Operations Bridge Manager. The vulnerability could\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eallows privilege escalation by authenticated users.\u003c/span\u003e\u003cp\u003eThis issue affects Operations Bridge Manager: 2023.05, 23.4, 24.2, 24.4.\u003c/p\u003e"
}
],
"value": "Incorrect Authorization vulnerability in OpenText\u2122 Operations Bridge Manager. The vulnerability could\u00a0allows privilege escalation by authenticated users.This issue affects Operations Bridge Manager: 2023.05, 23.4, 24.2, 24.4."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"privilegesRequired": "LOW",
"providerUrgency": "RED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "CONCENTRATED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/AU:Y/R:U/V:C/RE:H/U:Red",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "HIGH"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-07T18:42:08.134Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "OpenText"
},
"references": [
{
"url": "https://portal.microfocus.com/s/article/KM000040406?language=en_US"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://portal.microfocus.com/s/article/KM000040406?language=en_US\"\u003eOperations Bridge Manager: Security Update for CVE-2025-3476\u003c/a\u003e\n\n\u003cbr\u003e"
}
],
"value": "Operations Bridge Manager: Security Update for CVE-2025-3476 https://portal.microfocus.com/s/article/KM000040406"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "OpenText",
"cveId": "CVE-2025-3476",
"datePublished": "2025-05-07T18:42:08.134Z",
"dateReserved": "2025-04-09T17:15:22.028Z",
"dateUpdated": "2025-05-07T19:59:12.034Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-3586 (GCVE-0-2025-3586)
Vulnerability from cvelistv5 – Published: 2025-09-01 18:07 – Updated: 2026-02-26 17:49
VLAI
Summary
In Liferay Portal 7.4.3.27 through 7.4.3.42, and Liferay DXP 2024.Q1.1 through 2024.Q1.20, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 update 27 through update 42 (Liferay PaaS, and Liferay Self-Hosted), the Objects module does not restrict the use of Groovy scripts in Object actions for Admin Users. This allows remote authenticated admin users with the Instance Administrator role to execute arbitrary Groovy scripts (i.e., remote code execution) through Object actions.
In contrast, in Liferay DXP (Liferay SaaS), the use of Groovy in Object actions is not allowed due to the high security risks it poses.
Starting from Liferay DXP 2024.Q2 and later, a new feature has been introduced in Instance Settings that allows administrators to configure whether Groovy scripts are allowed in their instances.
Severity
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
1 reference
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3586",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-03T03:55:32.956265Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T17:49:55.599Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Portal",
"vendor": "Liferay",
"versions": [
{
"lessThanOrEqual": "7.4.3.42",
"status": "affected",
"version": "7.4.3.27",
"versionType": "maven"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DXP",
"vendor": "Liferay",
"versions": [
{
"lessThanOrEqual": "7.4.13-u42",
"status": "affected",
"version": "7.4.13-u27",
"versionType": "maven"
},
{
"lessThanOrEqual": "2023.Q3.10",
"status": "affected",
"version": "2023.Q3.1",
"versionType": "maven"
},
{
"lessThanOrEqual": "2023.Q4.10",
"status": "affected",
"version": "2023.Q4.0",
"versionType": "maven"
},
{
"lessThanOrEqual": "2024.Q1.20",
"status": "affected",
"version": "2024.Q1.1",
"versionType": "maven"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Liferay Portal 7.4.3.27 through 7.4.3.42, and Liferay DXP 2024.Q1.1 through 2024.Q1.20, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 update 27 through update 42 (Liferay PaaS, and Liferay Self-Hosted), the Objects module does not restrict the use of Groovy scripts in Object actions for Admin Users. This allows remote authenticated admin users with the Instance Administrator role to execute arbitrary Groovy scripts (i.e., remote code execution) through Object actions. \u003cbr\u003e\u003cbr\u003eIn contrast, in Liferay DXP (Liferay SaaS), the use of Groovy in Object actions is not allowed due to the high security risks it poses. \u003cbr\u003e\u003cbr\u003eStarting from Liferay DXP 2024.Q2 and later, a new feature has been introduced in Instance Settings that allows administrators to configure whether Groovy scripts are allowed in their instances."
}
],
"value": "In Liferay Portal 7.4.3.27 through 7.4.3.42, and Liferay DXP 2024.Q1.1 through 2024.Q1.20, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 update 27 through update 42 (Liferay PaaS, and Liferay Self-Hosted), the Objects module does not restrict the use of Groovy scripts in Object actions for Admin Users. This allows remote authenticated admin users with the Instance Administrator role to execute arbitrary Groovy scripts (i.e., remote code execution) through Object actions. \n\nIn contrast, in Liferay DXP (Liferay SaaS), the use of Groovy in Object actions is not allowed due to the high security risks it poses. \n\nStarting from Liferay DXP 2024.Q2 and later, a new feature has been introduced in Instance Settings that allows administrators to configure whether Groovy scripts are allowed in their instances."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-01T18:07:56.434Z",
"orgId": "8b54e794-c6f0-462e-9faa-c1001a673ac3",
"shortName": "Liferay"
},
"references": [
{
"url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-3586"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "8b54e794-c6f0-462e-9faa-c1001a673ac3",
"assignerShortName": "Liferay",
"cveId": "CVE-2025-3586",
"datePublished": "2025-09-01T18:07:56.434Z",
"dateReserved": "2025-04-14T12:30:41.451Z",
"dateUpdated": "2026-02-26T17:49:55.599Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-3609 (GCVE-0-2025-3609)
Vulnerability from cvelistv5 – Published: 2025-05-06 01:42 – Updated: 2026-04-08 17:34
VLAI
Title
Reales WP STPT <= 2.1.2 - Unauthorized User Registration
Summary
The Reales WP STPT plugin for WordPress is vulnerable to unauthorized user registration in all versions up to, and including, 2.1.2. This is due to the 'reales_user_signup_form' AJAX action not verifying if user registration is enabled, prior to registering a user. This makes it possible for unauthenticated attackers to create new user accounts, which can be leveraged with CVE-XX to achieve privilege escalation.
Severity
5.3 (Medium)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| pixel_prime | Reales WP STPT |
Affected:
0 , ≤ 2.1.2
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3609",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-06T02:36:20.122494Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-06T02:36:28.381Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Reales WP STPT",
"vendor": "pixel_prime",
"versions": [
{
"lessThanOrEqual": "2.1.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Friderika Baranyai"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Reales WP STPT plugin for WordPress is vulnerable to unauthorized user registration in all versions up to, and including, 2.1.2. This is due to the \u0027reales_user_signup_form\u0027 AJAX action not verifying if user registration is enabled, prior to registering a user. This makes it possible for unauthenticated attackers to create new user accounts, which can be leveraged with CVE-XX to achieve privilege escalation."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:34:17.501Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f9f3250f-39a1-4ba1-b9a2-222926635ca0?source=cve"
},
{
"url": "https://themeforest.net/item/reales-wp-real-estate-wordpress-theme/10330568"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-05-05T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "Reales WP STPT \u003c= 2.1.2 - Unauthorized User Registration"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-3609",
"datePublished": "2025-05-06T01:42:44.208Z",
"dateReserved": "2025-04-14T20:16:57.211Z",
"dateUpdated": "2026-04-08T17:34:17.501Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-3611 (GCVE-0-2025-3611)
Vulnerability from cvelistv5 – Published: 2025-05-30 14:22 – Updated: 2025-05-30 14:37
VLAI
Title
Improper Access Control in Mattermost allows System Managers to view team details despite role restrictions
Summary
Mattermost versions 10.7.x <= 10.7.0, 10.5.x <= 10.5.3, 9.11.x <= 9.11.12 fails to properly enforce access control restrictions for System Manager roles, allowing authenticated users with System Manager privileges to view team details they should not have access to via direct API requests to team endpoints, even when explicitly configured with 'No access' to Teams in the System Console.
Severity
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Mattermost | Mattermost |
Affected:
10.7.0
(semver)
Affected: 10.5.0 , ≤ 10.5.3 (semver) Affected: 9.11.0 , ≤ 9.11.12 (semver) Unaffected: 10.8.0 Unaffected: 10.7.1 Unaffected: 10.5.4 Unaffected: 9.11.13 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3611",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-30T14:37:28.621750Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-30T14:37:42.109Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Mattermost",
"vendor": "Mattermost",
"versions": [
{
"status": "affected",
"version": "10.7.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.5.3",
"status": "affected",
"version": "10.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.11.12",
"status": "affected",
"version": "9.11.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "10.8.0"
},
{
"status": "unaffected",
"version": "10.7.1"
},
{
"status": "unaffected",
"version": "10.5.4"
},
{
"status": "unaffected",
"version": "9.11.13"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "hackit_bharat"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMattermost versions 10.7.x \u0026lt;= 10.7.0, 10.5.x \u0026lt;= 10.5.3, 9.11.x \u0026lt;= 9.11.12 fails to properly enforce access control restrictions for System Manager roles, allowing authenticated users with System Manager privileges to view team details they should not have access to via direct API requests to team endpoints, even when explicitly configured with \u0027No access\u0027 to Teams in the System Console.\u003c/p\u003e"
}
],
"value": "Mattermost versions 10.7.x \u003c= 10.7.0, 10.5.x \u003c= 10.5.3, 9.11.x \u003c= 9.11.12 fails to properly enforce access control restrictions for System Manager roles, allowing authenticated users with System Manager privileges to view team details they should not have access to via direct API requests to team endpoints, even when explicitly configured with \u0027No access\u0027 to Teams in the System Console."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-30T14:22:09.854Z",
"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"shortName": "Mattermost"
},
"references": [
{
"url": "https://mattermost.com/security-updates"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUpdate Mattermost to versions 10.8.0, 10.7.1, 10.5.4, 9.11.13 or higher.\u003c/p\u003e"
}
],
"value": "Update Mattermost to versions 10.8.0, 10.7.1, 10.5.4, 9.11.13 or higher."
}
],
"source": {
"advisory": "MMSA-2025-00462",
"defect": [
"https://mattermost.atlassian.net/browse/MM-63377"
],
"discovery": "EXTERNAL"
},
"title": "Improper Access Control in Mattermost allows System Managers to view team details despite role restrictions",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"assignerShortName": "Mattermost",
"cveId": "CVE-2025-3611",
"datePublished": "2025-05-30T14:22:09.854Z",
"dateReserved": "2025-04-14T20:40:50.972Z",
"dateUpdated": "2025-05-30T14:37:42.109Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-36120 (GCVE-0-2025-36120)
Vulnerability from cvelistv5 – Published: 2025-08-18 13:39 – Updated: 2026-02-26 17:48
VLAI
Title
IBM Storage Virtualize privilege escalation
Summary
IBM Storage Virtualize 8.4, 8.5, 8.6, and 8.7 could allow an authenticated user to escalate their privileges in an SSH session due to incorrect authorization checks to access resources.
Severity
8.8 (High)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7240796 | vendor-advisorypatch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | Storage Virtualize |
Affected:
8.4
Affected: 8.5 Affected: 8.6 Affected: 8.7 cpe:2.3:a:ibm:storage_virtualize:8.4:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.6:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.7:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36120",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-19T03:55:31.886479Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T17:48:30.436Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:storage_virtualize:8.4:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.6:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.7:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Storage Virtualize",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.4"
},
{
"status": "affected",
"version": "8.5"
},
{
"status": "affected",
"version": "8.6"
},
{
"status": "affected",
"version": "8.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Storage Virtualize 8.4, 8.5, 8.6, and 8.7 could allow an authenticated user to escalate their privileges in an SSH session due to incorrect authorization checks to access resources."
}
],
"value": "IBM Storage Virtualize 8.4, 8.5, 8.6, and 8.7 could allow an authenticated user to escalate their privileges in an SSH session due to incorrect authorization checks to access resources."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-18T13:39:41.381Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7240796"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM recommends that you fix this vulnerability by upgrading affected versions of IBM SAN Volume Controller, IBM Storwize V7000, V5100 and V5000E, IBM FlashSystem 5000, 5100, 5200 and 5300, IBM FlashSystem 7200 and 7300, IBM FlashSystem 9100, 9200 and 9500 and IBM Storage Virtualize for Public Cloud to the code levels in the following table or higher using the download links for each product below the table.\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eAffected Version(s)\u003c/td\u003e\u003ctd\u003eFixed Version\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e8.4.0.0-8.4.0.17\u003c/td\u003e\u003ctd\u003e8.4.0.18\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e8.4.1.0, 8.4.2.0-8.4.2.1, 8.4.3.1\u003c/td\u003e\u003ctd\u003e8.5.0.16\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e8.5.0.0-8.5.0.15\u003c/td\u003e\u003ctd\u003e8.5.0.16\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e8.5.1.0, 8.5.2.0-8.5.2.3, 8.5.3.0-8.5.3.1, 8.5.4.0\u003c/td\u003e\u003ctd\u003e8.6.0.9\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e8.6.0.0-8.6.0.8\u003c/td\u003e\u003ctd\u003e8.6.0.9\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e8.6.1.0, 8.6.2.0-8.6.2.1, 8.6.3.0\u003c/td\u003e\u003ctd\u003e8.7.0.6\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e8.7.0.0-8.7.0.5\u003c/td\u003e\u003ctd\u003e8.7.0.6\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e8.7.1.0, 8.7.2.0-8.7.2.1 8.7.3.0-8.7.3.2\u003c/td\u003e\u003ctd\u003e8.7.3.3\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\n\n\u003cbr\u003e"
}
],
"value": "IBM recommends that you fix this vulnerability by upgrading affected versions of IBM SAN Volume Controller, IBM Storwize V7000, V5100 and V5000E, IBM FlashSystem 5000, 5100, 5200 and 5300, IBM FlashSystem 7200 and 7300, IBM FlashSystem 9100, 9200 and 9500 and IBM Storage Virtualize for Public Cloud to the code levels in the following table or higher using the download links for each product below the table.\n\nAffected Version(s)Fixed Version8.4.0.0-8.4.0.178.4.0.188.4.1.0, 8.4.2.0-8.4.2.1, 8.4.3.18.5.0.168.5.0.0-8.5.0.158.5.0.168.5.1.0, 8.5.2.0-8.5.2.3, 8.5.3.0-8.5.3.1, 8.5.4.08.6.0.98.6.0.0-8.6.0.88.6.0.98.6.1.0, 8.6.2.0-8.6.2.1, 8.6.3.08.7.0.68.7.0.0-8.7.0.58.7.0.68.7.1.0, 8.7.2.0-8.7.2.1 8.7.3.0-8.7.3.28.7.3.3"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Storage Virtualize privilege escalation",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36120",
"datePublished": "2025-08-18T13:39:41.381Z",
"dateReserved": "2025-04-15T21:16:18.171Z",
"dateUpdated": "2026-02-26T17:48:30.436Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-36157 (GCVE-0-2025-36157)
Vulnerability from cvelistv5 – Published: 2025-08-24 01:14 – Updated: 2026-02-26 17:48
VLAI
Title
IBM Engineering Lifecycle Management incorrect authorization
Summary
IBM Jazz Foundation 7.0.2 to 7.0.2 iFix035, 7.0.3 to 7.0.3 iFix018, and 7.1.0 to 7.1.0 iFix004 could allow an unauthenticated remote attacker to update server property files that would allow them to perform unauthorized actions.
Severity
9.8 (Critical)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7242925 | vendor-advisorypatch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | Engineering Lifecycle Management |
Affected:
7.0.2 , ≤ 7.0.2 iFix035
(semver)
Affected: 7.0.3 , ≤ 7.0.3 iFix018 (semver) Affected: 7.1.0 , ≤ 7.1.0 iFix004 (semver) cpe:2.3:a:ibm:jazz_foundation:7.0.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix035:*:*:*:*:*:* cpe:2.3:a:ibm:jazz_foundation:7.0.3:*:*:*:*:*:*:* cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix018:*:*:*:*:*:* cpe:2.3:a:ibm:jazz_foundation:7.1.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:jazz_foundation:7.1.0:ifix004:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36157",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-26T03:55:29.154103Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T17:48:14.120Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:jazz_foundation:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix035:*:*:*:*:*:*",
"cpe:2.3:a:ibm:jazz_foundation:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix018:*:*:*:*:*:*",
"cpe:2.3:a:ibm:jazz_foundation:7.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:jazz_foundation:7.1.0:ifix004:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Engineering Lifecycle Management",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "7.0.2 iFix035",
"status": "affected",
"version": "7.0.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.3 iFix018",
"status": "affected",
"version": "7.0.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.1.0 iFix004",
"status": "affected",
"version": "7.1.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Jazz Foundation 7.0.2 to 7.0.2 iFix035, 7.0.3 to 7.0.3 iFix018, and 7.1.0 to 7.1.0 iFix004 could allow an unauthenticated remote attacker to update server property files that would allow them to perform unauthorized actions."
}
],
"value": "IBM Jazz Foundation 7.0.2 to 7.0.2 iFix035, 7.0.3 to 7.0.3 iFix018, and 7.1.0 to 7.1.0 iFix004 could allow an unauthenticated remote attacker to update server property files that would allow them to perform unauthorized actions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-26T14:46:31.452Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7242925"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM strongly recommends addressing the vulnerability now by upgrading to iFixes detailed below:\u003c/p\u003e\u003cp\u003eIBM recommends customers on ELM 7.0, 7.0.1 or any version below 7.0.2 to upgrade your products to Maintenance release 7.0.2. Optionally, upgrade to the latest 7.1.0 version and apply below fix. \u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003eAffected Product(s)\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eVersion(s)\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eRemediation/Fix/Instructions\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Engineering Lifecycle Management - Jazz Foundation\u003c/td\u003e\u003ctd\u003e7.0.2\u003c/td\u003e\u003ctd\u003eDownload and install \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Engineering\u0026amp;product=ibm/Rational/IBM+Engineering+Lifecycle+Management\u0026amp;release=7.0.2\u0026amp;platform=All\u0026amp;function=fixId\u0026amp;fixids=7.0.2-IBM-ELM-iFix035-sec\u0026amp;includeRequisites=1\u0026amp;includeSupersedes=0\u0026amp;downloadMethod=http\"\u003e7.0.2 iFix035-sec\u003c/a\u003e\u0026nbsp;or later\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Engineering Lifecycle Management - Jazz Foundation\u003c/td\u003e\u003ctd\u003e7.0.3\u003c/td\u003e\u003ctd\u003eDownload and install \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Engineering\u0026amp;product=ibm/Rational/IBM+Engineering+Lifecycle+Management\u0026amp;release=7.0.3\u0026amp;platform=All\u0026amp;function=fixId\u0026amp;fixids=7.0.3-IBM-ELM-iFix018-sec\u0026amp;includeRequisites=1\u0026amp;includeSupersedes=0\u0026amp;downloadMethod=http\"\u003e7.0.3 iFix018-sec\u003c/a\u003e\u0026nbsp;or later\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Engineering Lifecycle Management - Jazz Foundation\u003c/td\u003e\u003ctd\u003e7.1.0\u003c/td\u003e\u003ctd\u003eDownload and install \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Engineering\u0026amp;product=ibm/Rational/IBM+Engineering+Lifecycle+Management\u0026amp;release=7.1\u0026amp;platform=All\u0026amp;function=fixId\u0026amp;fixids=7.1-IBM-ELM-iFix004-sec\u0026amp;includeRequisites=1\u0026amp;includeSupersedes=0\u0026amp;downloadMethod=http\u0026amp;login=true\"\u003e7.1.0 iFix004-sec\u003c/a\u003e\u0026nbsp;or later\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003e\u003cdiv\u003eApart from installing these iFixes, kindly perform the following additional step as mentioned below:\u003c/div\u003e\u003cbr\u003e\u003cdiv\u003e1. Set the Advanced property named \"setup.isRegistrationHandlerServiceOpen\" to \"False\" under Jazz Team Server (JTS) \u0026gt; Server Administration \u0026gt; Advanced property page and save your changes.\u003c/div\u003e\u003c/div\u003e\n\n\u003cbr\u003e"
}
],
"value": "IBM strongly recommends addressing the vulnerability now by upgrading to iFixes detailed below:\n\nIBM recommends customers on ELM 7.0, 7.0.1 or any version below 7.0.2 to upgrade your products to Maintenance release 7.0.2. Optionally, upgrade to the latest 7.1.0 version and apply below fix. \n\nAffected Product(s)Version(s)Remediation/Fix/InstructionsIBM Engineering Lifecycle Management - Jazz Foundation7.0.2Download and install 7.0.2 iFix035-sec https://www.ibm.com/support/fixcentral/swg/downloadFixes \u00a0or laterIBM Engineering Lifecycle Management - Jazz Foundation7.0.3Download and install 7.0.3 iFix018-sec https://www.ibm.com/support/fixcentral/swg/downloadFixes \u00a0or laterIBM Engineering Lifecycle Management - Jazz Foundation7.1.0Download and install 7.1.0 iFix004-sec https://www.ibm.com/support/fixcentral/swg/downloadFixes \u00a0or later\n\n\u00a0\n\nApart from installing these iFixes, kindly perform the following additional step as mentioned below:\n\n\n1. Set the Advanced property named \"setup.isRegistrationHandlerServiceOpen\" to \"False\" under Jazz Team Server (JTS) \u003e Server Administration \u003e Advanced property page and save your changes."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Engineering Lifecycle Management incorrect authorization",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36157",
"datePublished": "2025-08-24T01:14:41.359Z",
"dateReserved": "2025-04-15T21:16:20.813Z",
"dateUpdated": "2026-02-26T17:48:14.120Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-3644 (GCVE-0-2025-3644)
Vulnerability from cvelistv5 – Published: 2025-04-25 14:43 – Updated: 2025-04-28 16:31
VLAI
Title
Moodle: ajax section delete does not respect course_can_delete_section()
Summary
A flaw was found in Moodle. Additional checks were required to prevent users from deleting course sections they did not have permission to modify.
Severity
4.3 (Medium)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://access.redhat.com/security/cve/CVE-2025-3644 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2359745 | issue-trackingx_refsource_REDHAT |
| https://moodle.org/mod/forum/discuss.php?d=467605 |
Impacted products
Date Public
2025-04-22 12:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3644",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-25T15:42:51.876613Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-25T15:55:21.924Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://git.moodle.org",
"defaultStatus": "unaffected",
"packageName": "moodle",
"versions": [
{
"lessThan": "4.5.4",
"status": "affected",
"version": "4.5.0",
"versionType": "semver"
},
{
"lessThan": "4.4.8",
"status": "affected",
"version": "4.4.0",
"versionType": "semver"
},
{
"lessThan": "4.3.12",
"status": "affected",
"version": "4.3.0",
"versionType": "semver"
},
{
"lessThan": "4.1.18",
"status": "affected",
"version": "4.1.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank James E. Calder for reporting this issue."
}
],
"datePublic": "2025-04-22T12:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Moodle. Additional checks were required to prevent users from deleting course sections they did not have permission to modify."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-28T16:31:20.709Z",
"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"shortName": "fedora"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2025-3644"
},
{
"name": "RHBZ#2359745",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359745"
},
{
"url": "https://moodle.org/mod/forum/discuss.php?d=467605"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-04-15T12:53:42.862Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2025-04-22T12:00:00.000Z",
"value": "Made public."
}
],
"title": "Moodle: ajax section delete does not respect course_can_delete_section()",
"x_redhatCweChain": "CWE-863: Incorrect Authorization"
}
},
"cveMetadata": {
"assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"assignerShortName": "fedora",
"cveId": "CVE-2025-3644",
"datePublished": "2025-04-25T14:43:12.816Z",
"dateReserved": "2025-04-15T12:53:20.080Z",
"dateUpdated": "2025-04-28T16:31:20.709Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-3645 (GCVE-0-2025-3645)
Vulnerability from cvelistv5 – Published: 2025-04-25 14:43 – Updated: 2025-04-28 16:28
VLAI
Title
Moodle: idor in messaging web service allows access to some user details
Summary
A flaw was found in Moodle. Insufficient capability checks in a messaging web service allowed users to view other users' names and online statuses.
Severity
4.3 (Medium)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://access.redhat.com/security/cve/CVE-2025-3645 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2359761 | issue-trackingx_refsource_REDHAT |
| https://moodle.org/mod/forum/discuss.php?d=467606 |
Impacted products
Date Public
2025-04-22 12:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3645",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-25T15:42:48.876446Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-25T15:55:13.301Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://git.moodle.org",
"defaultStatus": "unaffected",
"packageName": "moodle",
"versions": [
{
"lessThan": "4.5.4",
"status": "affected",
"version": "4.5.0",
"versionType": "semver"
},
{
"lessThan": "4.4.8",
"status": "affected",
"version": "4.4.0",
"versionType": "semver"
},
{
"lessThan": "4.3.12",
"status": "affected",
"version": "4.3.0",
"versionType": "semver"
},
{
"lessThan": "4.1.18",
"status": "affected",
"version": "4.1.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank ostapbender for reporting this issue."
}
],
"datePublic": "2025-04-22T12:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Moodle. Insufficient capability checks in a messaging web service allowed users to view other users\u0027 names and online statuses."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-28T16:28:39.820Z",
"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"shortName": "fedora"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2025-3645"
},
{
"name": "RHBZ#2359761",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359761"
},
{
"url": "https://moodle.org/mod/forum/discuss.php?d=467606"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-04-15T13:02:44.091Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2025-04-22T12:00:00.000Z",
"value": "Made public."
}
],
"title": "Moodle: idor in messaging web service allows access to some user details",
"x_redhatCweChain": "CWE-863: Incorrect Authorization"
}
},
"cveMetadata": {
"assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"assignerShortName": "fedora",
"cveId": "CVE-2025-3645",
"datePublished": "2025-04-25T14:43:15.306Z",
"dateReserved": "2025-04-15T13:05:26.013Z",
"dateUpdated": "2025-04-28T16:28:39.820Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-3647 (GCVE-0-2025-3647)
Vulnerability from cvelistv5 – Published: 2025-04-25 14:43 – Updated: 2025-04-28 16:25
VLAI
Title
Moodle: idor when accessing the cohorts report
Summary
A flaw was discovered in Moodle. Additional checks were required to ensure that users can only access cohort data they are authorized to retrieve.
Severity
4.3 (Medium)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://access.redhat.com/security/cve/CVE-2025-3647 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2359762 | issue-trackingx_refsource_REDHAT |
| https://moodle.org/mod/forum/discuss.php?d=467607 |
Impacted products
Date Public
2025-04-22 12:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3647",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-25T15:42:45.442245Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-25T15:55:05.186Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://git.moodle.org",
"defaultStatus": "unaffected",
"packageName": "moodle",
"versions": [
{
"lessThan": "4.5.4",
"status": "affected",
"version": "4.5.0",
"versionType": "semver"
},
{
"lessThan": "4.4.8",
"status": "affected",
"version": "4.4.0",
"versionType": "semver"
},
{
"lessThan": "4.3.12",
"status": "affected",
"version": "4.3.0",
"versionType": "semver"
},
{
"lessThan": "4.1.18",
"status": "affected",
"version": "4.1.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Paul Holden for reporting this issue."
}
],
"datePublic": "2025-04-22T12:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was discovered in Moodle. Additional checks were required to ensure that users can only access cohort data they are authorized to retrieve."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-28T16:25:41.757Z",
"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"shortName": "fedora"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2025-3647"
},
{
"name": "RHBZ#2359762",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359762"
},
{
"url": "https://moodle.org/mod/forum/discuss.php?d=467607"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-04-15T13:11:17.901Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2025-04-22T12:00:00.000Z",
"value": "Made public."
}
],
"title": "Moodle: idor when accessing the cohorts report",
"x_redhatCweChain": "CWE-863: Incorrect Authorization"
}
},
"cveMetadata": {
"assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"assignerShortName": "fedora",
"cveId": "CVE-2025-3647",
"datePublished": "2025-04-25T14:43:18.135Z",
"dateReserved": "2025-04-15T13:14:05.846Z",
"dateUpdated": "2025-04-28T16:25:41.757Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Phase: Architecture and Design
Description:
- Divide the product into anonymous, normal, privileged, and administrative areas. Reduce the attack surface by carefully mapping roles with data and functionality. Use role-based access control (RBAC) [REF-229] to enforce the roles at the appropriate boundaries.
- Note that this approach may not protect against horizontal authorization, i.e., it will not protect a user from attacking others with the same role.
Mitigation
Phase: Architecture and Design
Description:
- Ensure that access control checks are performed related to the business logic. These checks may be different than the access control checks that are applied to more generic resources such as files, connections, processes, memory, and database records. For example, a database may restrict access for medical records to a specific database user, but each record might only be intended to be accessible to the patient and the patient's doctor [REF-7].
Mitigation ID: MIT-4.4
Phase: Architecture and Design
Strategy: Libraries or Frameworks
Description:
- Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
- For example, consider using authorization frameworks such as the JAAS Authorization Framework [REF-233] and the OWASP ESAPI Access Control feature [REF-45].
Mitigation
Phase: Architecture and Design
Description:
- For web applications, make sure that the access control mechanism is enforced correctly at the server side on every page. Users should not be able to access any unauthorized functionality or information by simply requesting direct access to that page.
- One way to do this is to ensure that all pages containing sensitive information are not cached, and that all such pages restrict access to requests that are accompanied by an active and authenticated session token associated with a user who has the required permissions to access that page.
Mitigation
Phases: System Configuration, Installation
Description:
- Use the access control capabilities of your operating system and server environment and define your access control lists accordingly. Use a "default deny" policy when defining these ACLs.
No CAPEC attack patterns related to this CWE.