CWE-285

Exploit likelihood: High

Improper Authorization

Parent: CWE-284 - Improper Access Control

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

1,318 vulnerabilities with CWE-285
CVE-2025-6736 MEDIUM
juzaweb CMS 3.4.2 - Incorrect Privilege Assignment in Add New Themes Page
CVSS 6.3
CVE-2025-6735 MEDIUM
juzaweb CMS 3.4.2 - Improper Authorization in Import Page
CVSS 6.3
CVE-2025-6702 MEDIUM
linlinjava litemall 1.8.0 - Incorrect Privilege Assignment via wx/comment/post adminComment Parameter
CVSS 4.3
CVE-2025-20264 MEDIUM
Cisco Identity Services Engine - Authenticated Authorization Bypass via SAML SSO User
CVSS 6.4
CVE-2025-6431 MEDIUM
Firefox for Android < 140.0 - Improper Authorization via External Application Link Handling
CVSS 6.5
CVE-2025-6525 MEDIUM
70mai 1S <= 20250611 - Unauthenticated Improper Authorization via Configuration Handler
CVSS 4.3
CVE-2025-6329 MEDIUM
ScriptAndTools Real Estate Management System 1.0 - Auth Bypass
CVSS 5.4
CVE-2025-6099 MEDIUM
szluyu99 gin-vue-blog <61dd11ccd296e8642a318ada3ef7b3f7776d2410 - A...
CVSS 5.3
CVE-2025-22239 HIGH
Salt 3006.0rc1-3006.11 and 3007.0-3007.3 - Arbitrary Event Injection via _minion_event Method
CVSS 8.1
CVE-2025-46840 HIGH
Adobe Experience Manager <6.5.22 - Privilege Escalation
CVSS 8.7
CVE-2025-43585 HIGH
Adobe Commerce <=2.4.8 Security Feature Bypass via Improper Authorization
CVSS 8.2
CVE-2025-5522 HIGH
bskms < dffe6640b5b54d8e29da6f060e0493fea74b3fad - Incorrect Privilege Assignment in User Creation Handler
CVSS 7.3
CVE-2025-5511 MEDIUM
quequnlong shiyi-blog <1.2.1 - Info Disclosure
CVSS 5.3
CVE-2025-3454 MEDIUM
Grafana - Improper Authorization via Datasource Proxy API URL Path Manipulation
CVSS 5.0
CVE-2025-4672 HIGH
Offsprout Page Builder <2.15.2 - Privilege Escalation
CVSS 8.8
CVE-2025-4631 CRITICAL
Profitori WordPress <2.1.1.3 - Privilege Escalation
CVSS 9.8
CVE-2025-4103 HIGH
WP-GeoMeta <0.3.5 - Privilege Escalation
CVSS 8.8
CVE-2025-5182 MEDIUM
Summer Pearl Group Vacation Rental Management Platform < 1.0.2 - Authorization Bypass in Listing Handler
CVSS 4.3
CVE-2025-5175 MEDIUM
erdogant pypickle < 2.0.0 - Improper Authorization in Save Function
CVSS 5.3
CVE-2025-48371 HIGH
OpenFGA 1.8.0-1.8.12 - Improper Authorization via Check and ListObject API Calls
CVSS 8.8
CVE-2025-48063 HIGH
XWiki 16.10.0-16.10.3 - Authenticated Remote Code Execution via Required Rights Bypass
CVSS 8.8
CVE-2025-4819 LOW
y_project RuoYi 4.8.0 - Auth Bypass
CVSS 3.1
CVE-2025-4474 HIGH
Frontend Dashboard <2.2.7 - Privilege Escalation
CVSS 8.8
CVE-2025-4473 HIGH
Frontend Dashboard <2.2.7 - Privilege Escalation
CVSS 8.8
CVE-2025-31249 HIGH
macOS < 15.5 - Unprotected User Data Exposure via Logic Issue
CVSS 7.1