The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
1,318 vulnerabilities with CWE-285
CVE-2025-10084
MEDIUM
eladmin < 2.7 - Improper Authorization in SysLogController Error Log Detail Query
CVSS 4.3
CVE-2025-10073
MEDIUM
Portabilis i-educar < 2.10.0 - Broken Object Level Authorization via /module/Api/turma
CVSS 4.3
CVE-2025-10014
LOW
eladmin < 2.7 - Improper Authorization via Email Address Handler
CVSS 3.1
CVE-2025-26430
HIGH
Android - Local Privilege Escalation via SpaAppBridgeActivity Logic Error
CVSS 7.8
CVE-2025-9937
MEDIUM
elunez eladmin <1.1 - Privilege Escalation
CVSS 5.4
CVE-2025-9936
MEDIUM
fuyang_lipengjun platform 1.0.0 - Improper Authorization in AdController
CVSS 4.3
CVE-2025-9836
MEDIUM
macrozheng mall < 1.0.3 - Authorization Bypass via Order ID Manipulation
CVSS 4.3
CVE-2025-9835
MEDIUM
macrozheng mall < 1.0.3 - Authorization Bypass via Order Cancellation
CVSS 4.3
CVE-2025-9760
MEDIUM
Portabilis i-educar < 2.10.0 - Incorrect Privilege Assignment in Matricula API
CVSS 6.3
CVE-2025-9687
MEDIUM
Portabilis i-Educar <2.10 - Privilege Escalation
CVSS 6.3
CVE-2025-58156
LOW
Centurion ERP 1.12.0-<1.21.0 - Authenticated Unauthorized Access to Hashed Authentication Tokens
CVSS 1.9
CVE-2025-8147
MEDIUM
LWSCache <= 2.8.5 - Authenticated Arbitrary Plugin Activation via lwscache_activatePlugin
CVSS 4.3
CVE-2025-9609
MEDIUM
Portabilis i-Educar <2.10 - Info Disclosure
CVSS 6.3
CVE-2025-9602
MEDIUM
RockOA < 2.6.9 - Improper Authorization via publicsaveAjax Function
CVSS 6.3
CVE-2025-53795
CRITICAL
Microsoft PC Manager - Privilege Escalation
CVSS 9.1
CVE-2025-7221
MEDIUM
GiveWP <= 4.5.0 - Authenticated Unauthorized Donation Status Modification
CVSS 4.3
CVE-2025-9151
MEDIUM
LiuYuYang01 ThriveX-Blog <3.1.7 - Auth Bypass
CVSS 6.3
CVE-2025-7778
CRITICAL
Icons Factory plugin <1.6.12 - Path Traversal
CVSS 9.8
CVE-2025-55675
MEDIUM
Apache Superset <5.0.0 - Info Disclosure
CVSS 6.5
CVE-2025-8840
MEDIUM
jshERP <= 3.5 - Improper Authorization via /jshERP-boot/user/deleteBatch Endpoint
CVSS 5.4
CVE-2025-8839
MEDIUM
jshERP <= 3.5 - Improper Authorization via User Addition Endpoint
CVSS 6.3
CVE-2025-8794
MEDIUM
LitmusChaos Litmus < 3.19.0 - Authorization Bypass via projectID Manipulation
CVSS 5.3
CVE-2025-8791
MEDIUM
LitmusChaos Litmus < 3.19.0 - Improper Authorization via /auth/list_projects Role Argument
CVSS 6.3
CVE-2025-8790
MEDIUM
Portabilis i-Educar < 2.9.0 - Improper Authorization via Pessoa API Endpoint
CVSS 4.3
CVE-2025-8789
MEDIUM
Portabilis i-educar < 2.9.0 - Authorization Bypass via /module/Api/Diario Endpoint
CVSS 4.3
Details
Vulnerabilities: 1,318
Exploit Likelihood: High