CWE-288

Authentication Bypass Using an Alternate Path or Channel

Parent: CWE-306 - Missing Authentication for Critical Function

The product requires authentication, but the product has an alternate path or channel that does not require authentication.

568 vulnerabilities with CWE-288
CVE-2025-67041 CRITICAL
Lantronix EDS3000PS 3.1.0.0R2 - Command Injection
CVSS 9.8
CVE-2025-67039 CRITICAL
Lantronix EDS3000PS 3.1.0.0R2 - Auth Bypass
CVSS 9.1
CVE-2025-69985 CRITICAL
FUXA < 1.2.8 - Unauthenticated Authentication Bypass and Remote Code Execution via Referer Header Spoofing
CVSS 9.8
CVE-2025-68895 MEDIUM
AhaChat Messenger Marketing <=1.1 - Auth Bypass
CVSS 6.5
CVE-2025-67998 HIGH
Miraculous Elementor <=2.0.7 - Auth Bypass
CVSS 8.8
CVE-2025-13986 MEDIUM
Drupal Disable Login Page < 1.1.3 - Authentication Bypass via Alternate Path
CVSS 4.2
CVE-2025-13980 MEDIUM
CKEditor 5 Premium Features < 1.2.10, 1.3.0-1.3.5, 1.4.0-1.4.2, 1.5.0, 1.6.0-1.6.3 - Authentication Bypass
CVSS 5.3
CVE-2025-21589 CRITICAL
Juniper Networks Session Smart Router <5.6.17-6.1.12-lts-6.2.8-lts-...
CVSS 9.8
CVE-2025-69101 CRITICAL
AmentoTech Workreap Core <3.4.0 - Auth Bypass
CVSS 9.8
CVE-2025-10484 CRITICAL
WooCommerce Registration & Login with Mobile Phone Number <= 1.3.1 - Authentication Bypass
CVSS 9.8
CVE-2025-68707 HIGH
Tongyu AX1800 Wi-Fi 6 Router 1.0.0 - Auth Bypass
CVSS 8.8
CVE-2025-46286 MEDIUM
iPadOS < 26.2 - Authentication Bypass via Backup Restore
CVSS 4.3
CVE-2025-67070 HIGH
Intelbras CFTV IP NVD 9032 R Ftd V2.800.00IB00C.0.T - Auth Bypass
CVSS 8.2
CVE-2025-67282 MEDIUM
TIM BPM Suite/TIM FLOW <9.1.2 - Privilege Escalation
CVSS 5.4
CVE-2025-67915 HIGH
Arraytics Timetics <1.0.47 - Auth Bypass
CVSS 8.8
CVE-2025-23504 CRITICAL
RiceTheme Felan Framework <1.1.4 - Auth Bypass
CVSS 9.8
CVE-2025-3652 MEDIUM
Petlibro < 1.7.31 - Unauthenticated Audio Recording Access via Insecure API Endpoint
CVSS 5.3
CVE-2025-64121 CRITICAL
Nuvation Energy MSC <2.5.1 - Auth Bypass
CVSS 9.8
CVE-2025-68620 CRITICAL
Signal K Server <2.19.0 - Auth Bypass
CVSS 9.1
CVE-2025-15102 CRITICAL
DVP-12SE11T Firmware < 2.16 - Authentication Bypass via Password Protection Bypass
CVSS 9.1
CVE-2025-68860 CRITICAL
Mobile builder <1.4.2 - Auth Bypass
CVSS 9.8
CVE-2025-64236 CRITICAL
AmentoTech Tuturn <3.6 - Auth Bypass
CVSS 9.8
CVE-2025-14714 MEDIUM
LibreOffice 25.2.0.1-25.2.4.1 - Authentication Bypass via Bundled Python Interpreter
CVSS 6.5
CVE-2025-11984 MEDIUM
GitLab CE/EE <18.4.6-18.6.2 - Auth Bypass
CVSS 6.8
CVE-2025-67507 HIGH
filament 4.0.0-4.3.0 - Authentication Bypass via Recovery Code Reuse
CVSS 8.1