CWE-287: Improper Authentication

Exploit likelihood: High

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
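
The weakness in one sentence is that the product takes the identity claim itself as the proof. The following added example (written for this page, not code from any of the projects listed below) puts the two behaviours side by side: a request handler that trusts a client-asserted `X-User-Id` header, and a hardened handler that only accepts an identity carried in a bearer token the server minted and can verify with an HMAC, with expiry and a constant-time MAC check. The request dicts, the fixed clock, the header names and the `SECRET_KEY` handling are assumptions made for a self-contained demo; a real service would load the key from a secret store and mint the token only after a genuine login step.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

# Server-side signing key. Generated per process here so the example runs
# offline; a real deployment loads it from a secret store (assumption).
SECRET_KEY = secrets.token_bytes(32)


def _b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=")


def _b64d(enc):
    # Restore the padding stripped by _b64e before decoding
    return base64.urlsafe_b64decode(enc + b"=" * (-len(enc) % 4))


# --- CWE-287 pattern: the claim is treated as the proof ---------------------
def current_user_vulnerable(request):
    """Returns whatever identity the client asserts. Nothing is verified, so
    any caller that sends X-User-Id: admin is treated as admin."""
    return request["headers"].get("X-User-Id")


# --- Hardened: identity comes from a credential the server can verify -------
def issue_token(user_id, ttl=3600, now=None):
    """Mint a signed bearer token. In a real service this runs only after the
    user has actually authenticated (password, WebAuthn, ...)."""
    issued = int(now if now is not None else time.time())
    payload = {"sub": user_id, "exp": issued + ttl}
    body = _b64e(json.dumps(payload, separators=(",", ":")).encode())
    sig = hmac.new(SECRET_KEY, body, hashlib.sha256).digest()
    return (body + b"." + _b64e(sig)).decode()


def verify_token(token, now=None):
    """Return the subject if the MAC is valid and the token is unexpired,
    otherwise None. Any malformed input is treated as unauthenticated."""
    try:
        body, sig = token.encode().split(b".")
        expected = hmac.new(SECRET_KEY, body, hashlib.sha256).digest()
        # Constant-time comparison; a plain == leaks timing information
        if not hmac.compare_digest(_b64d(sig), expected):
            return None
        payload = json.loads(_b64d(body))
        current = now if now is not None else time.time()
        if not isinstance(payload.get("exp"), int) or payload["exp"] <= current:
            return None
        return payload["sub"]
    except (ValueError, KeyError, TypeError):
        return None


def current_user_hardened(request, now=None):
    """Identity is derived only from a verifiable token, never from a bare claim."""
    scheme, _, token = request["headers"].get("Authorization", "").partition(" ")
    if scheme != "Bearer" or not token:
        return None
    return verify_token(token, now)


def forge_token(token, new_sub):
    """What an attacker without the key can do: swap the claim but keep the
    old signature. The hardened verifier must reject the result."""
    body, sig = token.split(".")
    payload = json.loads(_b64d(body.encode()))
    payload["sub"] = new_sub
    return _b64e(json.dumps(payload, separators=(",", ":")).encode()).decode() + "." + sig


def demo():
    """Run the scenarios side by side on constructed requests (no network)."""
    t0 = 1_700_000_000  # fixed clock so the run is reproducible
    spoofed = {"headers": {"X-User-Id": "admin"}}
    token = issue_token("alice", ttl=600, now=t0)
    bearer = lambda t: {"headers": {"Authorization": "Bearer " + t}}
    return {
        "vulnerable_accepts_claim": current_user_vulnerable(spoofed),
        "hardened_rejects_claim": current_user_hardened(spoofed, now=t0),
        "hardened_accepts_valid": current_user_hardened(bearer(token), now=t0),
        "hardened_rejects_forged": current_user_hardened(bearer(forge_token(token, "admin")), now=t0),
        "hardened_rejects_expired": current_user_hardened(bearer(token), now=t0 + 601),
        "hardened_rejects_garbage": current_user_hardened(bearer("not.a.token"), now=t0),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result!r}")
```

The vulnerable handler returns "admin" for the spoofed request; the hardened one returns None for the spoofed, forged, expired and malformed inputs and "alice" only for the genuine token. Several of the entries below are variants of the same failure (a token or recovery code accepted after it should have been invalidated, a token bound to the wrong audience, a client certificate or signed response whose subject is not checked against the expected identity), and the check that decides each case is the one `verify_token` performs: confirm the credential was issued by you, is intact, is still valid, and names the principal you are about to act for.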

4,320 vulnerabilities with CWE-287 (CVE ID, severity, CVSS score, title):

CVE-2025-67791 (CRITICAL, CVSS 9.8): DriveLock 24.1-24.1.*, 24.2-24.2.*, 25.1-25.1.* - Improper Authentication via Incomplete Agent Configuration
CVE-2025-44005 (CRITICAL, CVSS 10.0): smallstep certificates < 0.29.0 and Step-CA 0.28.3-0.28.4 - Improper Authentication via ACME/SCEP Provisioner
CVE-2025-14097 (HIGH, CVSS 7.2): ABL90 FLEX < 3.5MR11 - Remote Code Execution and Unauthorized Device Management
CVE-2025-14002 (HIGH, CVSS 8.1): WPCOM Member <= 1.7.16 - Unauthenticated Authentication Bypass via OTP Brute Force
CVE-2025-14746 (MEDIUM, CVSS 4.3): Ningyuanda TC155 57.0.2.0 - Improper Authentication in RTSP Live Video Stream Endpoint
CVE-2025-65781 (HIGH, CVSS 8.2): Wekan < 8.16 - Denial of Service and Identity Spoofing via Attachment Upload API
CVE-2025-65431 (MEDIUM, CVSS 5.4): allauth < 65.13.0 - Improper Authentication via Mutable preferred_username Identifier
CVE-2025-37731 (MEDIUM, CVSS 6.8): Elasticsearch 7.0.0-7.17.28 and 8.0.0-8.19.7 - User Impersonation via PKI Realm Client Certificate
CVE-2025-14703 (MEDIUM, CVSS 5.3): sgwbox N3 Firmware < 2.0.25 - Improper Authentication via POST Message Handler
CVE-2025-14567 (MEDIUM, CVSS 5.3): haxxorsid stock-management-system < 2018-01-27 - Unauthenticated Missing Authentication in /api/employees
CVE-2025-10684 (MEDIUM, CVSS 4.3): Construction Light WordPress <1.6.8 - CSRF
CVE-2025-67507 (HIGH, CVSS 8.1): filament 4.0.0-4.3.0 - Authentication Bypass via Recovery Code Reuse
CVE-2025-66039 (CRITICAL, CVSS 9.8): FreePBX firmware file upload
CVE-2025-66515 (LOW, CVSS 2.7): Nextcloud Approval <1.3.1, 2.5.0 - Privilege Escalation
CVE-2025-12374 (CRITICAL, CVSS 9.8): WordPress User Verification <2.0.39 - Auth Bypass
CVE-2025-64055 (CRITICAL, CVSS 9.8): Fanvil x210 V2 2.12.20 - Unauthenticated Authentication Bypass
CVE-2025-59704 (MEDIUM, CVSS 4.6): Entrust nShield Connect XC, nShield 5c, and nShield HSMi < 13.6.12 - Unauthenticated BIOS Access via Missing Password
CVE-2025-66022 (CRITICAL, CVSS 9.6): OWASP Faction < 1.7.1 - Unauthenticated Remote Code Execution via Malicious Extension Upload
CVE-2025-9803 (HIGH, CVSS 8.8): lunary 1.9.34 - Account Takeover via Improper Google OAuth Audience Validation
CVE-2025-63210 (CRITICAL, CVSS 9.8): Newtec Celox UHD CELOXA504 and CELOXA820 Firmware - Authentication Bypass via /celoxservice Response Injection
CVE-2025-63207 (CRITICAL, CVSS 9.8): R.V.R Elettronica TEX - Auth Bypass
CVE-2025-63224 (CRITICAL, CVSS 10.0): Itel DAB Encoder <25aec8d - Auth Bypass
CVE-2025-63216 (CRITICAL, CVSS 10.0): Itel DAB Gateway Firmware - Authentication Bypass via JWT Token Reuse
CVE-2025-64717 (CRITICAL, CVSS 9.8): ZITADEL 2.50.0-2.71.18, 4.0.0-rc.1-4.6.5 - Unauthenticated Account Takeover via Federation Auto-Linking Bypass
CVE-2025-64517 (MEDIUM, CVSS 4.4): sudo-rs 0.2.5-0.2.9 - Authentication Bypass via Incorrect Timestamp UID