CWE-288

Authentication Bypass Using an Alternate Path or Channel

Parent: CWE-306 - Missing Authentication for Critical Function

The product requires authentication, but the product has an alternate path or channel that does not require authentication.

568 vulnerabilities with CWE-288
CVE-2025-66200 MEDIUM
Apache HTTP Server <2.4.66 - Auth Bypass
CVSS 5.4
CVE-2025-66238 HIGH
Sunbird DCIM dcTrack < 9.2.0 and >= 9.2.3 - Authenticated Network Traffic Redirection via Virtual Console
CVSS 7.2
CVE-2025-13539 CRITICAL
FindAll Membership <1.0.4 - Auth Bypass
CVSS 9.8
CVE-2025-10571 CRITICAL
ABB Ability Edgenius <3.2.1.1 - Auth Bypass
CVSS 9.6
CVE-2025-63217 CRITICAL
Itel ID MUX Firmware - Authentication Bypass via JWT Token Reuse
CVSS 9.8
CVE-2025-12760 MEDIUM
Drupal Email TFA <2.0.6 - Auth Bypass
CVSS 5.4
CVE-2025-64530 HIGH
Apollo Federation <2.9.5-2.12.1 - Auth Bypass
CVSS 7.5
CVE-2025-59367 CRITICAL
ASUS DSL-AC51, DSL-N16, and DSL-AC750 Firmware < 1.1.2.3_1010 - Unauthenticated Authentication Bypass
CVSS 9.8
CVE-2025-64281 CRITICAL
CentralSquare Community Development 19.5.7 - Unauthenticated Authentication Bypass
CVSS 9.8
CVE-2025-13018 HIGH
Firefox < 145 - Firefox ESR < 140.5 - Thunderbird < 145 - Thunderbi...
CVSS 8.1
CVE-2025-13013 MEDIUM
Firefox < 145 - Firefox ESR < 140.5-115.30 - Mitigation Bypass
CVSS 6.1
CVE-2025-12445 MEDIUM
Google Chrome <142.0.7444.59 - CSRF
CVSS 6.5
CVE-2025-12431 MEDIUM
Google Chrome <142.0.7444.59 - Auth Bypass
CVSS 6.5
CVE-2025-64173 HIGH
Apollo Router Core <2.8.1-rc.0 - Info Disclosure
CVSS 7.5
CVE-2025-62064 CRITICAL
Elated-Themes Search & Go <2.7 - Auth Bypass
CVSS 9.8
CVE-2025-59392 MEDIUM
Elspec G5 <1.2.2.19 - Privilege Escalation
CVSS 6.8
CVE-2025-43436 HIGH
tvOS 26.1- iPadOS 26.1 - Info Disclosure
CVSS 7.5
CVE-2025-43422 MEDIUM
iPadOS < 26.1 - Authentication Bypass via Stolen Device Protection Disabling
CVSS 4.6
CVE-2025-5397 CRITICAL
Noo JobMonster <4.8.1 - Auth Bypass
CVSS 9.8
CVE-2025-12466 HIGH
Drupal Simple OAuth 6.0.0-6.0.6 - Authentication Bypass
CVSS 7.5
CVE-2025-9313 CRITICAL
Asseco mMedica <11.9.5 - Info Disclosure
CVE-2025-11621 HIGH
HashiCorp Vault 0.6.0-1.16.26, 1.17.0-1.20.4, 1.21.0 - Authentication Bypass via AWS Auth Method Cache Mishandling
CVSS 8.1
CVE-2025-60041 HIGH
Iulia Cazan Emails Catch All <3.5.3 - Auth Bypass
CVSS 8.8
CVE-2025-49901 CRITICAL
quantumcloud Simple Link Directory <14.8.1 - Auth Bypass
CVSS 9.8
CVE-2025-11534 CRITICAL
Raisecomm RAX701-GC-WP-01 SSH Authentication Bypass