CWE-285: Improper Authorization

Exploit likelihood: High

Parent: CWE-284 - Improper Access Control

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

1,318 vulnerabilities with CWE-285
CVE-2025-29827 (CRITICAL, CVSS 9.9): Azure Automation - Privilege Escalation via Improper Authorization
CVE-2025-4104 (CRITICAL, CVSS 9.8): Frontend Dashboard <2.2.6 - Privilege Escalation
CVE-2025-3924 (MEDIUM, CVSS 5.3): PeproDev Ultimate Profile Solutions - Info Disclosure
CVE-2025-3921 (HIGH, CVSS 8.2): PeproDev Ultimate Profile Solutions <7.5.2 - Info Disclosure
CVE-2025-3918 (CRITICAL, CVSS 9.8): Job Listings <0.1.1 - Privilege Escalation
CVE-2025-4210 (HIGH, CVSS 7.3): Casdoor < 1.812.0 - Authorization Bypass via SCIM User Creation Endpoint
CVE-2025-4136 (MEDIUM, CVSS 5.4): Weitong Mall 1.0.0 - Improper Authorization via Sale Endpoint ID Parameter
CVE-2025-30392 (CRITICAL, CVSS 9.8): Azure Bot Framework SDK - Privilege Escalation
CVE-2025-30390 (CRITICAL, CVSS 9.9): Azure Machine Learning - Improper Authorization
CVE-2025-30389 (HIGH, CVSS 8.7): Azure Bot Framework SDK - Privilege Escalation
CVE-2025-32972 (LOW, CVSS 2.7): XWiki 6.1-15.10.11, 16.0.0-16.4.2, 16.5.0-16.7.0 - Authenticated Cache Clearing via LESS Compiler
CVE-2025-4017 (MEDIUM, CVSS 4.3): novel-plus < 5.1.1 - Improper Authorization in LogController
CVE-2025-4016 (MEDIUM, CVSS 5.4): novel-plus < 5.1.1 - Improper Authorization in LogController deleteIndex Function
CVE-2025-3981 (MEDIUM, CVSS 4.3): wowjoy Internet Doctor Workstation System 1.0 - Info Disclosure
CVE-2025-3980 (MEDIUM, CVSS 4.3): wowjoy Internet Doctor Workstation System 1.0 - Auth Bypass
CVE-2025-3977 (MEDIUM, CVSS 4.3): iteachyou Dreamer CMS <4.1.3 - Info Disclosure
CVE-2025-3967 (MEDIUM, CVSS 5.4): itwanger paicoding 1.0.3 - Auth Bypass
CVE-2025-2850 (LOW, CVSS 3.5): GL.iNet Various - Path Traversal
CVE-2025-32982 (HIGH, CVSS 7.5): NETSCOUT nGeniusONE < 6.4.0 - Broken Authorization in Report Module
CVE-2025-32964 (MEDIUM, CVSS 4.6): ManageWiki < 2025-04-21 - Improper Authorization via Conflicting Extension Handling
CVE-2025-29659 (CRITICAL, CVSS 9.8): Yi IOT XY-3820 6.0.24.10 - Remote Code Execution via cmd_listen Function
CVE-2025-3587 (MEDIUM, CVSS 6.3): ZeroWdd studentmanager 1.0 - Improper Authorization via /getTeacherList
CVE-2025-3569 (MEDIUM, CVSS 6.3): JamesZBL db-hospital-drug 1.0 - Improper Authorization in ShiroConfig.java
CVE-2025-3567 (MEDIUM, CVSS 4.3): Echo 4.2 - Incorrect Privilege Assignment in LoginTicketInterceptor
CVE-2025-3564 (MEDIUM, CVSS 4.3): huanfenz StudentManager <= 1.0 - Improper Authorization in Teacher String Handler