CWE-288

Authentication Bypass Using an Alternate Path or Channel

Parent: CWE-306 - Missing Authentication for Critical Function

The product requires authentication, but the product has an alternate path or channel that does not require authentication.

569 vulnerabilities with CWE-288
CVE-2025-24332 HIGH
Nokia Single RAN AirScale - Privilege Escalation
CVSS 7.1
CVE-2025-53099 HIGH
Sentry < 25.5.0 - Authentication Bypass via OAuth Authorization Code Race Condition
CVSS 7.5
CVE-2025-25171 HIGH
ThemesGrove WP SmartPay <2.7.13 - Auth Bypass
CVSS 8.8
CVE-2025-6688 CRITICAL
idokd simple_payment 1.3.6-2.3.8 - Unauthenticated Authentication Bypass via create_user() Function
CVSS 9.8
CVE-2025-6675 MEDIUM
miniorange_2fa < 4.8.0 - Authentication Bypass via Alternate Path
CVSS 4.8
CVE-2025-6556 MEDIUM
Google Chrome <138.0.7204.49 - Auth Bypass
CVSS 5.4
CVE-2025-32976 HIGH
Quest KACE SMA <14.1.101 (Patch 4) - Auth Bypass
CVSS 8.8
CVE-2025-5820 HIGH
Sony XAV-AX8500 Firmware >=2.00.1 <3.02.00 - Unauthenticated Authentication Bypass via Bluetooth ERTM Channel
CVSS 8.8
CVE-2025-51381 CRITICAL
KAON KCM3100 <= 1.4.2 - Unauthenticated Authentication Bypass
CVSS 9.8
CVE-2025-49125 HIGH
Apache Tomcat 9.0.0-9.0.105, 10.1.0-M1-10.1.41, 11.0.0-M1-11.0.7 - Authentication Bypass
CVSS 7.5
CVE-2025-4973 CRITICAL
Workreap <= 3.3.1 - Unauthenticated Authentication Bypass via Email Verification
CVSS 9.8
CVE-2025-30184 CRITICAL
CyberData 011209 Intercom - Info Disclosure
CVSS 9.8
CVE-2025-31022 CRITICAL
PayU PayU India <3.8.8 - Auth Bypass
CVSS 9.8
CVE-2025-31019 HIGH
miniOrange Password Policy Manager <2.0.4 - Auth Bypass
CVSS 8.8
CVE-2025-48904 MEDIUM
HarmonyOS - Unauthorized API Access in FRS Process
CVSS 4.4
CVE-2025-4797 CRITICAL
Golo - City Travel Guide WordPress Theme <1.7.0 - Privilege Escalation
CVSS 9.8
CVE-2025-5190 HIGH
Browse As plugin <0.2 - Auth Bypass
CVSS 8.8
CVE-2025-4687 HIGH
Teltonika Networks RMS <5.7 - Privilege Escalation
CVE-2025-48926 MEDIUM
TeleMessage < 2025-05-05 - Unauthenticated Authentication Bypass via Admin Panel
CVSS 4.3
CVE-2025-47461 HIGH
mediaticus Subaccounts for WooCommerce <1.6.6 - Auth Bypass
CVSS 8.8
CVE-2025-34026 HIGH KEV
Versa Concerto <12.2.0 - Auth Bypass
CVSS 7.5
CVE-2025-46412 CRITICAL
Vertiv Liebert RDU101 < 1.9.0.0 and Liebert IS-UNITY < 8.4.1.0 - Authentication Bypass
CVSS 9.8
CVE-2025-48011 MEDIUM
Drupal One Time Password < 8.x-1.3 - Authentication Bypass via Alternate Path
CVSS 4.8
CVE-2025-48010 MEDIUM
Drupal One Time Password 8.x-1.0-8.x-1.2 - Authentication Bypass
CVSS 4.8
CVE-2025-47941 HIGH
TYPO3 <12.4.31 LTS & <13.4.2 LTS - Auth Bypass
CVSS 7.2