CWE-863
Incorrect Authorization
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
CVE-2025-5071 (GCVE-0-2025-5071)
Vulnerability from cvelistv5 – Published: 2025-06-19 09:23 – Updated: 2025-06-20 13:11
VLAI
Title
AI Engine 2.8.0 - 2.8.3 - Authenticated (Subscriber+) Insufficient Authorization to Privilege Escalation via MCP
Summary
The AI Engine plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'Meow_MWAI_Labs_MCP::can_access_mcp' function in versions 2.8.0 to 2.8.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to have full access to the MCP and run various commands like 'wp_create_user', 'wp_update_user' and 'wp_update_option', which can be used for privilege escalation, and 'wp_update_post', 'wp_delete_post', 'wp_update_comment' and 'wp_delete_comment', which can be used to edit and delete posts and comments.
Severity
8.8 (High)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| tigroumeow | AI Engine |
Affected:
2.8.0 , ≤ 2.8.3
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-5071",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-20T12:49:14.799564Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-20T13:11:34.092Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AI Engine",
"vendor": "tigroumeow",
"versions": [
{
"lessThanOrEqual": "2.8.3",
"status": "affected",
"version": "2.8.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Istv\u00e1n M\u00e1rton"
}
],
"descriptions": [
{
"lang": "en",
"value": "The AI Engine plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the \u0027Meow_MWAI_Labs_MCP::can_access_mcp\u0027 function in versions 2.8.0 to 2.8.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to have full access to the MCP and run various commands like \u0027wp_create_user\u0027, \u0027wp_update_user\u0027 and \u0027wp_update_option\u0027, which can be used for privilege escalation, and \u0027wp_update_post\u0027, \u0027wp_delete_post\u0027, \u0027wp_update_comment\u0027 and \u0027wp_delete_comment\u0027, which can be used to edit and delete posts and comments."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-19T09:23:47.875Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0e7654a1-0020-4bf1-86be-bdb238a9fe0d?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/ai-engine/tags/2.8.1/labs/mcp.php#L43"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3313554/ai-engine#file21"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-05-21T00:00:00.000Z",
"value": "Discovered"
},
{
"lang": "en",
"time": "2025-05-21T00:00:00.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-06-18T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "AI Engine 2.8.0 - 2.8.3 - Authenticated (Subscriber+) Insufficient Authorization to Privilege Escalation via MCP"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-5071",
"datePublished": "2025-06-19T09:23:47.875Z",
"dateReserved": "2025-05-21T22:04:13.168Z",
"dateUpdated": "2025-06-20T13:11:34.092Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-5187 (GCVE-0-2025-5187)
Vulnerability from cvelistv5 – Published: 2025-08-27 16:20 – Updated: 2026-02-26 17:47
VLAI
Title
Nodes can delete themselves by adding an OwnerReference
Summary
A vulnerability exists in the NodeRestriction admission controller in Kubernetes clusters where node users can delete their corresponding node object by patching themselves with an OwnerReference to a cluster-scoped resource. If the OwnerReference resource does not exist or is subsequently deleted, the given node object will be deleted via garbage collection.
Severity
6.7 (Medium)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/kubernetes/kubernetes/issues/133471 | issue-tracking |
| https://groups.google.com/g/kubernetes-security-a… | mailing-list |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Kubernetes | Kubernetes |
Affected:
v1.31.0 , ≤ v1.31.11
(custom)
Affected: v1.32.0 , ≤ v1.32.7 (custom) Affected: v1.33.0 , ≤ v1.33.3 (custom) |
Date Public
2025-08-13 20:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-5187",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-28T03:55:27.614711Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T17:47:59.242Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Kubernetes",
"vendor": "Kubernetes",
"versions": [
{
"lessThanOrEqual": "v1.31.11",
"status": "affected",
"version": "v1.31.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "v1.32.7",
"status": "affected",
"version": "v1.32.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "v1.33.3",
"status": "affected",
"version": "v1.33.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Paul Viossat"
}
],
"datePublic": "2025-08-13T20:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability exists in the NodeRestriction admission controller in Kubernetes clusters where node users can delete their corresponding node object by patching themselves with an OwnerReference to a cluster-scoped resource. If the OwnerReference resource does not exist or is subsequently deleted, the given node object will be deleted via garbage collection."
}
],
"value": "A vulnerability exists in the NodeRestriction admission controller in Kubernetes clusters where node users can delete their corresponding node object by patching themselves with an OwnerReference to a cluster-scoped resource. If the OwnerReference resource does not exist or is subsequently deleted, the given node object will be deleted via garbage collection."
}
],
"impacts": [
{
"capecId": "CAPEC-554",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-554 Functionality Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T16:20:56.778Z",
"orgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"shortName": "kubernetes"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/kubernetes/kubernetes/issues/133471"
},
{
"tags": [
"mailing-list"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/znSNY7XCztE"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "To mitigate this vulnerability, upgrade Kubernetes: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://kubernetes.io/docs/tasks/administer-cluster/cluster-upgrade/\"\u003ehttps://kubernetes.io/docs/tasks/administer-cluster/cluster-upgrade/\u003c/a\u003e\u003cbr\u003e"
}
],
"value": "To mitigate this vulnerability, upgrade Kubernetes: https://kubernetes.io/docs/tasks/administer-cluster/cluster-upgrade/"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Nodes can delete themselves by adding an OwnerReference",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"assignerShortName": "kubernetes",
"cveId": "CVE-2025-5187",
"datePublished": "2025-08-27T16:20:56.778Z",
"dateReserved": "2025-05-25T18:24:14.173Z",
"dateUpdated": "2026-02-26T17:47:59.242Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-52487 (GCVE-0-2025-52487)
Vulnerability from cvelistv5 – Published: 2025-06-21 02:44 – Updated: 2025-06-23 17:46
VLAI
Title
DNN.PLATFORM possibly allows bypass of IP Filters
Summary
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. In versions 7.0.0 to before 10.0.1, DNN.PLATFORM allows a specially crafted request or proxy to be created that could bypass the design of DNN Login IP Filters allowing login attempts from IP Addresses not in the allow list. This issue has been patched in version 10.0.1.
Severity
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/dnnsoftware/Dnn.Platform/secur… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| dnnsoftware | Dnn.Platform |
Affected:
>= 7.0.0, < 10.0.1
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-52487",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-23T17:46:40.276587Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-23T17:46:51.567Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Dnn.Platform",
"vendor": "dnnsoftware",
"versions": [
{
"status": "affected",
"version": "\u003e= 7.0.0, \u003c 10.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. In versions 7.0.0 to before 10.0.1, DNN.PLATFORM allows a specially crafted request or proxy to be created that could bypass the design of DNN Login IP Filters allowing login attempts from IP Addresses not in the allow list. This issue has been patched in version 10.0.1."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-21T02:44:58.636Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-fjhg-3mrh-mm7h",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-fjhg-3mrh-mm7h"
}
],
"source": {
"advisory": "GHSA-fjhg-3mrh-mm7h",
"discovery": "UNKNOWN"
},
"title": "DNN.PLATFORM possibly allows bypass of IP Filters"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-52487",
"datePublished": "2025-06-21T02:44:58.636Z",
"dateReserved": "2025-06-17T02:28:39.718Z",
"dateUpdated": "2025-06-23T17:46:51.567Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-52890 (GCVE-0-2025-52890)
Vulnerability from cvelistv5 – Published: 2025-06-25 16:51 – Updated: 2025-06-25 17:54
VLAI
Title
Incus vulnerable to antispoofing nftables firewall rule bypass on bridge networks with ACLs
Summary
Incus is a system container and virtual machine manager. When using an ACL on a device connected to a bridge, Incus versions 6.12 and 6.13generates nftables rules that partially bypass security options `security.mac_filtering`, `security.ipv4_filtering` and `security.ipv6_filtering`. This can lead to ARP spoofing on the bridge and to fully spoof another VM/container on the same bridge. Commit 254dfd2483ab8de39b47c2258b7f1cf0759231c8 contains a patch for the issue.
Severity
8.1 (High)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/lxc/incus/security/advisories/… | x_refsource_CONFIRM |
| https://github.com/lxc/incus/commit/254dfd2483ab8… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-52890",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-25T17:53:58.542840Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-25T17:54:01.093Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/lxc/incus/security/advisories/GHSA-p7fw-vjjm-2rwp"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "incus",
"vendor": "lxc",
"versions": [
{
"status": "affected",
"version": "\u003e= 6.12, \u003c= 6.13"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Incus is a system container and virtual machine manager. When using an ACL on a device connected to a bridge, Incus versions 6.12 and 6.13generates nftables rules that partially bypass security options `security.mac_filtering`, `security.ipv4_filtering` and `security.ipv6_filtering`. This can lead to ARP spoofing on the bridge and to fully spoof another VM/container on the same bridge. Commit 254dfd2483ab8de39b47c2258b7f1cf0759231c8 contains a patch for the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-25T16:51:24.279Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/lxc/incus/security/advisories/GHSA-p7fw-vjjm-2rwp",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/lxc/incus/security/advisories/GHSA-p7fw-vjjm-2rwp"
},
{
"name": "https://github.com/lxc/incus/commit/254dfd2483ab8de39b47c2258b7f1cf0759231c8",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/lxc/incus/commit/254dfd2483ab8de39b47c2258b7f1cf0759231c8"
}
],
"source": {
"advisory": "GHSA-p7fw-vjjm-2rwp",
"discovery": "UNKNOWN"
},
"title": "Incus vulnerable to antispoofing nftables firewall rule bypass on bridge networks with ACLs"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-52890",
"datePublished": "2025-06-25T16:51:24.279Z",
"dateReserved": "2025-06-20T17:42:25.709Z",
"dateUpdated": "2025-06-25T17:54:01.093Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-52918 (GCVE-0-2025-52918)
Vulnerability from cvelistv5 – Published: 2025-06-21 00:00 – Updated: 2025-07-28 13:15
VLAI
Summary
Yealink RPS before 2025-05-26 does not prevent OpenAPI access by frozen enterprise accounts, allowing unauthorized access to deactivated interfaces.
Severity
5 (Medium)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-52918",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-23T20:17:17.085484Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-23T20:17:30.974Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "RPS",
"vendor": "Yealink",
"versions": [
{
"lessThan": "2025-05-26",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Yealink RPS before 2025-05-26 does not prevent OpenAPI access by frozen enterprise accounts, allowing unauthorized access to deactivated interfaces."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-28T13:15:33.423Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.yealink.com/en/trust-center/security-advisories/1318c5efb82e4526"
},
{
"url": "https://support.yealink.com/en/portal/knowledge/show?id=646b44278ef325311f38303f"
},
{
"url": "https://seclists.org/fulldisclosure/2025/Jun/20"
},
{
"url": "https://dnip.ch/2025/06/25/yealink-voip-phones-insecurity-by-design/"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-52918",
"datePublished": "2025-06-21T00:00:00.000Z",
"dateReserved": "2025-06-21T00:00:00.000Z",
"dateUpdated": "2025-07-28T13:15:33.423Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-53391 (GCVE-0-2025-53391)
Vulnerability from cvelistv5 – Published: 2025-06-28 00:00 – Updated: 2025-06-30 13:32
VLAI
Summary
The Debian zuluPolkit/CMakeLists.txt file for zuluCrypt through the zulucrypt_6.2.0-1 package has insecure PolicyKit allow_any/allow_inactive/allow_active settings that allow a local user to escalate their privileges to root.
Severity
9.3 (Critical)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53391",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-30T13:29:30.436671Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-30T13:32:33.748Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108288"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "zulucrypt",
"vendor": "Debian",
"versions": [
{
"lessThanOrEqual": "zulucrypt_6.2.0-1",
"status": "affected",
"version": "zulucrypt_5.5.0-1",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Debian zuluPolkit/CMakeLists.txt file for zuluCrypt through the zulucrypt_6.2.0-1 package has insecure PolicyKit allow_any/allow_inactive/allow_active settings that allow a local user to escalate their privileges to root."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-28T21:37:51.430Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://bugs.debian.org/1108288"
},
{
"url": "https://salsa.debian.org/debian/zulucrypt/-/blob/9d661c9f384c4d889d3387944e14ac70cfb9684b/debian/patches/fix_zulupolkit_policy.patch"
},
{
"url": "https://deb.debian.org/debian/pool/main/z/zulucrypt/zulucrypt_6.2.0-1.dsc"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-53391",
"datePublished": "2025-06-28T00:00:00.000Z",
"dateReserved": "2025-06-28T00:00:00.000Z",
"dateUpdated": "2025-06-30T13:32:33.748Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-53836 (GCVE-0-2025-53836)
Vulnerability from cvelistv5 – Published: 2025-07-14 23:08 – Updated: 2025-07-15 19:49
VLAI
Title
XWiki Rendering is vulnerable to RCE attacks when processing nested macros
Summary
XWiki Rendering is a generic rendering system that converts textual input in a given syntax (wiki syntax, HTML, etc) into another syntax (XHTML, etc). Starting in version 4.2-milestone-1 and prior to versions 13.10.11, 14.4.7, and 14.10, the default macro content parser doesn't preserve the restricted attribute of the transformation context when executing nested macros. This allows executing macros that are normally forbidden in restricted mode, in particular script macros. The cache and chart macros that are bundled in XWiki use the vulnerable feature. This has been patched in XWiki 13.10.11, 14.4.7 and 14.10. To avoid the exploitation of this bug, comments can be disabled for untrusted users until an upgrade to a patched version has been performed. Note that users with edit rights will still be able to add comments via the object editor even if comments have been disabled.
Severity
10 (Critical)
CWE
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/xwiki/xwiki-rendering/security… | x_refsource_CONFIRM |
| https://github.com/xwiki/xwiki-rendering/commit/c… | x_refsource_MISC |
| https://jira.xwiki.org/browse/XRENDERING-689 | x_refsource_MISC |
| https://jira.xwiki.org/browse/XWIKI-20375 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| xwiki | xwiki-rendering |
Affected:
>= 4.2-milestone-1, < 13.10.11
Affected: >= 14.0, < 14.4.7 Affected: >= 14.5, < 14.10 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53836",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-15T13:24:52.433487Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-15T19:49:20.208Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/xwiki/xwiki-rendering/security/advisories/GHSA-32mf-57h2-64x9"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "xwiki-rendering",
"vendor": "xwiki",
"versions": [
{
"status": "affected",
"version": "\u003e= 4.2-milestone-1, \u003c 13.10.11"
},
{
"status": "affected",
"version": "\u003e= 14.0, \u003c 14.4.7"
},
{
"status": "affected",
"version": "\u003e= 14.5, \u003c 14.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "XWiki Rendering is a generic rendering system that converts textual input in a given syntax (wiki syntax, HTML, etc) into another syntax (XHTML, etc). Starting in version 4.2-milestone-1 and prior to versions 13.10.11, 14.4.7, and 14.10, the default macro content parser doesn\u0027t preserve the restricted attribute of the transformation context when executing nested macros. This allows executing macros that are normally forbidden in restricted mode, in particular script macros. The cache and chart macros that are bundled in XWiki use the vulnerable feature. This has been patched in XWiki 13.10.11, 14.4.7 and 14.10. To avoid the exploitation of this bug, comments can be disabled for untrusted users until an upgrade to a patched version has been performed. Note that users with edit rights will still be able to add comments via the object editor even if comments have been disabled."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-14T23:08:34.071Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/xwiki/xwiki-rendering/security/advisories/GHSA-32mf-57h2-64x9",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/xwiki/xwiki-rendering/security/advisories/GHSA-32mf-57h2-64x9"
},
{
"name": "https://github.com/xwiki/xwiki-rendering/commit/c73fa3ccd4ac59057e48e5d4325f659e78e8f86d",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/xwiki/xwiki-rendering/commit/c73fa3ccd4ac59057e48e5d4325f659e78e8f86d"
},
{
"name": "https://jira.xwiki.org/browse/XRENDERING-689",
"tags": [
"x_refsource_MISC"
],
"url": "https://jira.xwiki.org/browse/XRENDERING-689"
},
{
"name": "https://jira.xwiki.org/browse/XWIKI-20375",
"tags": [
"x_refsource_MISC"
],
"url": "https://jira.xwiki.org/browse/XWIKI-20375"
}
],
"source": {
"advisory": "GHSA-32mf-57h2-64x9",
"discovery": "UNKNOWN"
},
"title": "XWiki Rendering is vulnerable to RCE attacks when processing nested macros"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-53836",
"datePublished": "2025-07-14T23:08:34.071Z",
"dateReserved": "2025-07-09T14:14:52.532Z",
"dateUpdated": "2025-07-15T19:49:20.208Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-53895 (GCVE-0-2025-53895)
Vulnerability from cvelistv5 – Published: 2025-07-15 16:39 – Updated: 2025-07-15 17:19
VLAI
Title
ZITADEL has broken authN and authZ in session API and resulting session tokens
Summary
ZITADEL is an open source identity management system. Starting in version 2.53.0 and prior to versions 4.0.0-rc.2, 3.3.2, 2.71.13, and 2.70.14, vulnerability in ZITADEL's session management API allows any authenticated user to update a session if they know its ID, due to a missing permission check. This flaw enables session hijacking, allowing an attacker to impersonate another user and access sensitive resources. Versions prior to `2.53.0` are not affected, as they required the session token for updates. Versions 4.0.0-rc.2, 3.3.2, 2.71.13, and 2.70.14 fix the issue.
Severity
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://github.com/zitadel/zitadel/security/advis… | x_refsource_CONFIRM |
| https://github.com/zitadel/zitadel/releases/tag/v… | x_refsource_MISC |
| https://github.com/zitadel/zitadel/releases/tag/v… | x_refsource_MISC |
| https://github.com/zitadel/zitadel/releases/tag/v3.3.2 | x_refsource_MISC |
| https://github.com/zitadel/zitadel/releases/tag/v… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53895",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-15T17:19:18.220867Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-15T17:19:29.391Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "zitadel",
"vendor": "zitadel",
"versions": [
{
"status": "affected",
"version": "= 4.0.0-rc.1"
},
{
"status": "affected",
"version": "\u003e= 3.0.0, \u003c 3.3.1"
},
{
"status": "affected",
"version": "\u003e= 2.53.0, \u003c 2.70.14"
},
{
"status": "affected",
"version": "\u003e= 2.71.0, \u003c 2.71.13"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ZITADEL is an open source identity management system. Starting in version 2.53.0 and prior to versions 4.0.0-rc.2, 3.3.2, 2.71.13, and 2.70.14, vulnerability in ZITADEL\u0027s session management API allows any authenticated user to update a session if they know its ID, due to a missing permission check. This flaw enables session hijacking, allowing an attacker to impersonate another user and access sensitive resources. Versions prior to `2.53.0` are not affected, as they required the session token for updates. Versions 4.0.0-rc.2, 3.3.2, 2.71.13, and 2.70.14 fix the issue."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-384",
"description": "CWE-384: Session Fixation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-15T16:39:00.635Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/zitadel/zitadel/security/advisories/GHSA-6c5p-6www-pcmr",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/zitadel/zitadel/security/advisories/GHSA-6c5p-6www-pcmr"
},
{
"name": "https://github.com/zitadel/zitadel/releases/tag/v2.70.14",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zitadel/zitadel/releases/tag/v2.70.14"
},
{
"name": "https://github.com/zitadel/zitadel/releases/tag/v2.71.13",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zitadel/zitadel/releases/tag/v2.71.13"
},
{
"name": "https://github.com/zitadel/zitadel/releases/tag/v3.3.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zitadel/zitadel/releases/tag/v3.3.2"
},
{
"name": "https://github.com/zitadel/zitadel/releases/tag/v4.0.0-rc.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zitadel/zitadel/releases/tag/v4.0.0-rc.2"
}
],
"source": {
"advisory": "GHSA-6c5p-6www-pcmr",
"discovery": "UNKNOWN"
},
"title": "ZITADEL has broken authN and authZ in session API and resulting session tokens"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-53895",
"datePublished": "2025-07-15T16:39:00.635Z",
"dateReserved": "2025-07-11T19:05:23.825Z",
"dateUpdated": "2025-07-15T17:19:29.391Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-53902 (GCVE-0-2025-53902)
Vulnerability from cvelistv5 – Published: 2025-07-29 19:36 – Updated: 2025-07-29 19:41
VLAI
Title
Tuleap exposes artifacts to a mentioned user via email notifications
Summary
Tuleap is an Open Source Suite created to facilitate management of software development and collaboration. In Tuleap Community Edition prior to version 16.9.99.1752585665 and Tuleap Enterprise Edition prior to 16.8-6 and 16.9-5, users may potentially access confidential information from artifacts that they are not authorized to view. This is fixed in Tuleap Community Edition prior to version 16.9.99.1752585665 and Tuleap Enterprise Edition prior to 16.8-6 and 16.9-5.
Severity
4.3 (Medium)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/Enalean/tuleap/security/adviso… | x_refsource_CONFIRM |
| https://github.com/Enalean/tuleap/commit/ebe054df… | x_refsource_MISC |
| https://tuleap.net/plugins/git/tuleap/tuleap/stab… | x_refsource_MISC |
| https://tuleap.net/plugins/tracker/?aid=43704 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53902",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-29T19:41:37.859082Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-29T19:41:49.056Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "tuleap",
"vendor": "Enalean",
"versions": [
{
"status": "affected",
"version": "Tuleap Community Edition \u003c 16.9.99.1752585665"
},
{
"status": "affected",
"version": "Tuleap Enterprise Edition \u003c 16.8-6"
},
{
"status": "affected",
"version": "Tuleap Enterprise Edition \u003e= 16.9, \u003c 16.9-5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tuleap is an Open Source Suite created to facilitate management of software development and collaboration. In Tuleap Community Edition prior to version 16.9.99.1752585665 and Tuleap Enterprise Edition prior to 16.8-6 and 16.9-5, users may potentially access confidential information from artifacts that they are not authorized to view. This is fixed in Tuleap Community Edition prior to version 16.9.99.1752585665 and Tuleap Enterprise Edition prior to 16.8-6 and 16.9-5."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-29T19:36:10.910Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/Enalean/tuleap/security/advisories/GHSA-6f24-5v47-rj6j",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Enalean/tuleap/security/advisories/GHSA-6f24-5v47-rj6j"
},
{
"name": "https://github.com/Enalean/tuleap/commit/ebe054df8a2672afee41af84e5ba14b57ef8b789",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Enalean/tuleap/commit/ebe054df8a2672afee41af84e5ba14b57ef8b789"
},
{
"name": "https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit\u0026h=ebe054df8a2672afee41af84e5ba14b57ef8b789",
"tags": [
"x_refsource_MISC"
],
"url": "https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit\u0026h=ebe054df8a2672afee41af84e5ba14b57ef8b789"
},
{
"name": "https://tuleap.net/plugins/tracker/?aid=43704",
"tags": [
"x_refsource_MISC"
],
"url": "https://tuleap.net/plugins/tracker/?aid=43704"
}
],
"source": {
"advisory": "GHSA-6f24-5v47-rj6j",
"discovery": "UNKNOWN"
},
"title": "Tuleap exposes artifacts to a mentioned user via email notifications"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-53902",
"datePublished": "2025-07-29T19:36:10.910Z",
"dateReserved": "2025-07-11T19:05:23.826Z",
"dateUpdated": "2025-07-29T19:41:49.056Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-53922 (GCVE-0-2025-53922)
Vulnerability from cvelistv5 – Published: 2025-12-19 15:10 – Updated: 2025-12-19 15:25
VLAI
Title
Galette has access control bypass
Summary
Galette is a membership management web application for non profit organizations. Starting in version 1.1.4 and prior to version 1.2.0, a user who is logged in as group manager may bypass intended restrictions on Contributions and Transactions. Version 1.2.0 fixes the issue.
Severity
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/galette/galette/security/advis… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53922",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-19T15:25:11.809842Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-19T15:25:27.634Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "galette",
"vendor": "galette",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.1.4, \u003c 1.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Galette is a membership management web application for non profit organizations. Starting in version 1.1.4 and prior to version 1.2.0, a user who is logged in as group manager may bypass intended restrictions on Contributions and Transactions. Version 1.2.0 fixes the issue."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 1.3,
"baseSeverity": "LOW",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-19T15:10:00.685Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/galette/galette/security/advisories/GHSA-5jp7-5c38-3pv6",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/galette/galette/security/advisories/GHSA-5jp7-5c38-3pv6"
}
],
"source": {
"advisory": "GHSA-5jp7-5c38-3pv6",
"discovery": "UNKNOWN"
},
"title": "Galette has access control bypass"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-53922",
"datePublished": "2025-12-19T15:10:00.685Z",
"dateReserved": "2025-07-14T17:23:35.258Z",
"dateUpdated": "2025-12-19T15:25:27.634Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation
Phase: Architecture and Design
Description:
- Divide the product into anonymous, normal, privileged, and administrative areas. Reduce the attack surface by carefully mapping roles with data and functionality. Use role-based access control (RBAC) [REF-229] to enforce the roles at the appropriate boundaries.
- Note that this approach may not protect against horizontal authorization, i.e., it will not protect a user from attacking others with the same role.
Mitigation
Phase: Architecture and Design
Description:
- Ensure that access control checks are performed related to the business logic. These checks may be different than the access control checks that are applied to more generic resources such as files, connections, processes, memory, and database records. For example, a database may restrict access for medical records to a specific database user, but each record might only be intended to be accessible to the patient and the patient's doctor [REF-7].
Mitigation ID: MIT-4.4
Phase: Architecture and Design
Strategy: Libraries or Frameworks
Description:
- Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
- For example, consider using authorization frameworks such as the JAAS Authorization Framework [REF-233] and the OWASP ESAPI Access Control feature [REF-45].
Mitigation
Phase: Architecture and Design
Description:
- For web applications, make sure that the access control mechanism is enforced correctly at the server side on every page. Users should not be able to access any unauthorized functionality or information by simply requesting direct access to that page.
- One way to do this is to ensure that all pages containing sensitive information are not cached, and that all such pages restrict access to requests that are accompanied by an active and authenticated session token associated with a user who has the required permissions to access that page.
Mitigation
Phases: System Configuration, Installation
Description:
- Use the access control capabilities of your operating system and server environment and define your access control lists accordingly. Use a "default deny" policy when defining these ACLs.
No CAPEC attack patterns related to this CWE.