CWE-285

Exploit likelihood: High

Improper Authorization

Parent: CWE-284 - Improper Access Control

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

1,320 vulnerabilities with CWE-285
CVE ID | Severity | CVSS | Title
CVE-2025-2397 | LOW | CVSS 2.4 | China Mobile P22g-CIac, ZXWT-MIG-P4G4V, ZXWT-MIG-P8G8V, GT3200-4G4P...
CVE-2025-2360 | HIGH | CVSS 7.3 | D-Link DIR-823G 1.0.2B05_20181207 - Incorrect Privilege Assignment via SetUpnpSettings SOAPAction
CVE-2025-2359 | HIGH | CVSS 7.3 | D-Link DIR-823G 1.0.2B05_20181207 - Incorrect Privilege Assignment via SetDDNSSettings SOAPAction
CVE-2025-2345 | CRITICAL | CVSS 9.8 | IROAD Dash Cam X5-X6 <20250308 - Auth Bypass
CVE-2025-2320 | HIGH | CVSS 7.3 | springboot-openai-chatgpt - Improper Authorization in User Handler Submit Function
CVE-2025-24053 | HIGH | CVSS 7.2 | Microsoft Dataverse - Improper Authorization
CVE-2025-27602 | MEDIUM | CVSS 4.9 | Umbraco CMS < 10.8.9 - Authenticated Improper Authorization via Backoffice API URL Manipulation
CVE-2025-27601 | MEDIUM | CVSS 4.3 | Umbraco CMS <14.3.3 & Umbraco.Cms.Api.Management 15.0.0-rc1-15.2.3 - Authenticated Improper Authorization
CVE-2025-2114 | LOW | CVSS 3.7 | Shenzhen Sixun Software Sixun Shanghui Group Business Management Sy...
CVE-2025-27509 | CRITICAL | (no CVSS listed) | fleetdm/fleet 4.58.0-4.62.3, 4.63.0-4.63.1, 4.64.0-4.64.1 - SAML Authentication Bypass
CVE-2025-1847 | MEDIUM | CVSS 6.3 | zframeworks zz < 2024-8 - Improper Authorization
CVE-2025-1815 | HIGH | CVSS 7.3 | pbrong hrms <= 1.0.1 - Improper Authorization via User Cookie Manipulation
CVE-2025-1806 | MEDIUM | CVSS 4.3 | Eastnets PaymentSafe <2.5.26.0 - Auth Bypass
CVE-2025-27399 | MEDIUM | CVSS 5.3 | Mastodon <4.1.23-4.3.4 - Info Disclosure
CVE-2025-23024 | MEDIUM | CVSS 4.3 | GLPI 0.72-10.0.18 - Unauthenticated Plugin Disabling via install/update.php
CVE-2025-1607 | MEDIUM | CVSS 4.3 | Best Employee Management System 1.0 - Authorization Bypass via Salary Slip ID Parameter
CVE-2025-1361 | HIGH | CVSS 7.5 | IP2Location Country Blocker <= 2.38.8 - Unauthenticated Regular Information Exposure via admin_init()
CVE-2025-25196 | CRITICAL | CVSS 9.8 | OpenFGA < 1.8.5 - Authorization Bypass via Check and ListObject API Calls
CVE-2025-1007 | MEDIUM | CVSS 5.3 | Eclipse OpenVSX 0.9.0-0.19.1 - Improper Authorization in Namespace Details API
CVE-2025-1226 | MEDIUM | CVSS 5.3 | yimioa < 2024-07-04 - Improper Authorization in /oa/setup/setup.jsp
CVE-2025-24418 | HIGH | CVSS 8.1 | Adobe Commerce < 2.4.8-beta1 - Improper Authorization
CVE-2025-21400 | HIGH | CVSS 8.0 | Microsoft SharePoint Server - Remote Code Execution
CVE-2025-1078 | MEDIUM | CVSS 5.3 | AppHouseKitchen AlDente Charge Limiter <1.29 - Privilege Escalation
CVE-2025-20125 | CRITICAL | CVSS 9.1 | Cisco Identity Services Engine - Authenticated Information Disclosure and Configuration Modification via API
CVE-2025-24784 | MEDIUM | CVSS 4.3 | kubewarden-controller 1.17.0-1.20.x - Improper Authorization via Policy Group Context-Aware Policy Deployment