When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
4,320 vulnerabilities with CWE-287
CVE-2025-12998
HIGH
TYPO3 Extension Modules <4.3.11-5.7.4-6.4.2-7.5.5 - Auth Bypass
CVE-2025-64513
CRITICAL
Milvus < 2.4.24, 2.5.0-2.5.20, 2.6.0-2.6.4 - Unauthenticated Authentication Bypass in Proxy Component
CVE-2025-64434
MEDIUM
KubeVirt < 1.5.3 - Improper Authentication via Shared Credentials
CVSS 4.7
CVE-2025-64432
MEDIUM
KubeVirt < 1.5.3 and 1.6.0 - Improper Certificate Validation in mTLS Authentication
CVSS 4.7
CVE-2025-3222
CRITICAL
GE Vernova Smallworld <5.3.3-5.3.4 - Auth Bypass
CVE-2025-20730
MEDIUM
Yocto - Local Privilege Escalation via Insecure Default Preloader Value
CVSS 6.7
CVE-2025-64103
CRITICAL
Zitadel 2.53.6-2.53.8, 2.54.3, 2.55.0 - Improper Authentication via MFA Bypass
CVSS 9.8
CVE-2025-60424
HIGH
Nagios Fusion <2024R2 - Auth Bypass
CVSS 7.6
CVE-2025-62717
CRITICAL
emlog 2.5.23 - Improper Authentication via Session Verification Code Reuse
CVSS 9.1
CVE-2025-43995
CRITICAL
Dell Storage Manager 20.1.21 - Unauthenticated Authentication Bypass via ApiProxy.war SessionKey
CVSS 9.8
CVE-2025-6979
HIGH
Arista Edge Threat Management - Arista Next Generation Firewall < 17.3.1 - Authentication Bypass via Captive Portal
CVSS 8.8
CVE-2025-62169
HIGH
OctoPrint-SpoolManager <1.8.0a3, <1.7.8 - Auth Bypass
CVSS 8.1
CVE-2025-62398
MEDIUM
Moodle 4.4.0-4.4.10 and 5.0.0-beta-5.0.2 - Authenticated Multi-Factor Authentication Bypass
CVSS 5.4
CVE-2025-56447
CRITICAL
TM2 Monitoring v3.04 - Auth Bypass, Info Disclosure
CVSS 9.8
CVE-2025-41110
HIGH
Ghost Robotics Vision 60 v0.27.2 - Improper Authentication via Hardcoded WiFi and SSH Credentials
CVSS 8.8
CVE-2025-41108
CRITICAL
Ghost Robotics Vision 60 v0.27.2 - Unauthenticated Remote Command Execution via MAVLink Protocol
CVSS 9.8
CVE-2025-60772
CRITICAL
NETLINK HG322G V1.0.00-231017 - Privilege Escalation
CVSS 9.8
CVE-2025-11625
CRITICAL
wolfSSH < 1.4.20 - Improper Host Authentication
CVSS 9.8
CVE-2025-11942
HIGH
70mai X200 Firmware < 2025-10-10 - Improper Authentication in Pairing
CVSS 7.3
CVE-2025-11852
MEDIUM
Apeman ID71 218.53.203.117 - Unauthenticated Improper Authentication in ONVIF Service
CVSS 5.3
CVE-2025-61922
CRITICAL
PrestaShop Checkout 1.3.0-4.4.0 and 5.0.0-5.0.4 - Account Takeover via Express Checkout Email Validation Bypass
CVSS 9.1
CVE-2025-43281
HIGH
macOS Sequoia <15.6 - Privilege Escalation
CVSS 7.8
CVE-2025-10293
HIGH
Keyy Two Factor Authentication (like Clef) plugin for WordPress <1....
CVSS 8.8
CVE-2025-62376
CRITICAL
pwn.college DOJO - Improper Authentication
CVE-2025-59280
LOW
Windows 10 1507-22H2, Windows 11 22H2-24H2, Windows Server 2008 - Unauthenticated SMB Tampering
CVSS 3.1
Details
Vulnerabilities: 4,320
Exploit Likelihood: High