The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
1,318 vulnerabilities with CWE-285
CVE-2025-8756 [MEDIUM, CVSS 6.3] tduck-platform < 5.1 - Improper Authorization in AuthorizationInterceptor preHandle
CVE-2025-8755 [MEDIUM, CVSS 5.3] macrozheng mall < 1.0.3 - Authorization Bypass via UmsMemberController OrderId Parameter
CVE-2025-54787 [LOW, CVSS 3.7] SuiteCRM 7.14.6 - Unauthenticated Arbitrary File Download via Upload Directory ID
CVE-2025-53792 [CRITICAL, CVSS 9.1] Azure Portal - Privilege Escalation
CVE-2025-8547 [MEDIUM, CVSS 5.3] pybbs < 6.0.0 - Improper Authorization in Email Verification Handler
CVE-2025-54868 [HIGH, CVSS 7.5] LibreChat 0.0.6-0.7.7-rc1 - Unauthenticated Arbitrary Chat Data Exposure via Meilisearch Test Endpoint
CVE-2025-54130 [HIGH, CVSS 7.5] Cursor < 1.3.9 - Unauthenticated Arbitrary File Write via Dotfile Creation
CVE-2025-8401 [MEDIUM, CVSS 4.3] HT Mega < 2.9.1 - Authenticated Sensitive Information Exposure via get_post_data Function
CVE-2025-54585 [MEDIUM, CVSS 6.5] GitProxy < 1.19.2 - Improper Authorization via Branch Creation Bypass
CVE-2025-53944 [HIGH, CVSS 7.7] autogpt_platform <= v0.6.15 - Authenticated Authorization Bypass via graph_exec_id Parameter
CVE-2025-8261 [HIGH, CVSS 7.3] Vaelsys VaelsysV4 4.1.0 - Unauthenticated User Creation via vgrid_server.php
CVE-2025-54378 [HIGH, CVSS 8.3] PSU Haxcms-nodejs < 11.0.14 - Missing Authorization
CVE-2025-7947 [MEDIUM, CVSS 5.4] jshERP < 3.5 - Improper Authorization via Account Handler ID Parameter
CVE-2025-7938 [MEDIUM, CVSS 4.3] Jerryshensjf JPACookieShop 1.0 - Auth Bypass
CVE-2025-49746 [CRITICAL, CVSS 9.9] Azure Machine Learning - Privilege Escalation via Improper Authorization
CVE-2025-46732 [MEDIUM, CVSS 5.4] OpenCTI < 6.6.6 - Authenticated Insecure Direct Object Reference in Notification Mutations
CVE-2025-50073 [MEDIUM, CVSS 6.1] Oracle WebLogic Server < 14.1.2.0.0 - Unauthenticated RCE
CVE-2025-53709 [MEDIUM, CVSS 5.4] Secure-upload - Privilege Escalation
CVE-2025-0928 [HIGH, CVSS 8.8] Juju < 2.9.52 and < 3.6.8 - Authenticated Arbitrary Agent Binary Upload
CVE-2025-53512 [MEDIUM, CVSS 6.5] Juju < 2.9.52 - Unauthenticated Sensitive Information Exposure via /log Endpoint
CVE-2025-49701 [HIGH, CVSS 8.8] Microsoft SharePoint Server - Remote Code Execution via Improper Authorization
CVE-2025-53532 [MEDIUM, CVSS 5.3] giscus - Unauthenticated Discussion Creation via API
CVE-2025-6713 [HIGH, CVSS 7.7] MongoDB 6.0.0-6.0.21 - Unauthenticated Data Access via $mergeCursors Stage
CVE-2025-53106 [HIGH, CVSS 8.8] Graylog 6.2.0-6.2.3 and 6.3.0-alpha.1-6.3.0-rc.1 - Authenticated Privilege Escalation via API Token Creation
CVE-2025-4654 [LOW, CVSS 3.7] Soumettre.fr < 2.1.5 - Unauthenticated Data Modification via make_signature Function
Details
Vulnerabilities: 1,318
Exploit Likelihood: High