CWE-288
Authentication Bypass Using an Alternate Path or Channel
The product requires authentication, but the product has an alternate path or channel that does not require authentication.
569 vulnerabilities with CWE-288
CVE-2025-11534
CRITICAL
Raisecom RAX701-GC-WP-01 SSH Authentication Bypass
CVE-2025-58133
MEDIUM
Zoom Rooms < 6.5.1 - Unauthenticated Authentication Bypass
CVSS 5.3
CVE-2025-9967
CRITICAL
Orion SMS OTP Verification <1.1.7 - Privilege Escalation
CVSS 9.8
CVE-2025-10294
CRITICAL
OwnID Passwordless Login <1.3.4 - Auth Bypass
CVSS 9.8
CVE-2025-55338
MEDIUM
Windows BitLocker - Privilege Escalation
CVSS 6.1
CVE-2025-8093
HIGH
Authenticator Login < 2.1.8 - Authentication Bypass
CVSS 8.8
CVE-2025-11522
CRITICAL
Search & Go - Directory WordPress Theme <2.7 - Auth Bypass
CVSS 9.8
CVE-2025-34251
HIGH
Tesla Telematics Control Unit (TCU) < 2025.14 - Unauthenticated Privilege Escalation via ADB File Write
CVE-2025-9914
MEDIUM
SICK AG Baggage Analytics < 4.6.3 - Authentication Bypass via Local Database Credentials
CVSS 4.3
CVE-2025-61673
HIGH
Karapace 5.0.0-5.0.1 - Unauthenticated Authentication Bypass via Missing Authorization Header
CVSS 8.6
CVE-2025-6388
CRITICAL
Spirit Framework plugin - Auth Bypass
CVSS 9.8
CVE-2025-10653
HIGH
Unspecified Product <Version> - Info Disclosure
CVSS 8.6
CVE-2025-22862
MEDIUM
FortiOS 7.0.6-7.4.7 and FortiProxy 7.0.5-7.6.2 - Authenticated Privilege Escalation via Automation Stitch Webhook Action
CVSS 6.7
CVE-2025-61733
HIGH
Apache Kylin 4.0.0-5.0.2 - Authentication Bypass Using an Alternate Path or Channel
CVSS 7.5
CVE-2025-10538
HIGH
LG Innotek Camera Models LND7210 and LNV7210R - Authentication Bypass
CVE-2025-7038
HIGH
LatePoint Calendar Booking Plugin <= 5.1.94 - Unauthenticated Authentication Bypass
CVSS 8.2
CVE-2025-5955
HIGH
Service Finder SMS System <2.0.0 - Auth Bypass
CVSS 8.1
CVE-2025-10531
MEDIUM
Firefox <143 - Privilege Escalation
CVSS 5.4
CVE-2025-8359
CRITICAL
AdForest theme <6.0.9 - Auth Bypass
CVSS 9.8
CVE-2025-57819
CRITICAL
KEV
FreePBX 15.0-15.0.65 - Unauthenticated Authentication Bypass and Remote Code Execution
CVSS 9.8
CVE-2025-54738
CRITICAL
NooTheme Jobmonster <4.7.9 - Auth Bypass
CVSS 9.8
CVE-2025-54725
CRITICAL
Golo <= 1.7.0 - Authentication Bypass via Alternate Path
CVSS 9.8
CVE-2025-34520
CRITICAL
Arcserve UDP < 10.2 - Unauthenticated Authentication Bypass via Request Parameter Manipulation
CVSS 9.8
CVE-2025-5821
CRITICAL
Case Theme User <1.0.3 - Auth Bypass
CVSS 9.8
CVE-2025-5060
HIGH
Bravis User <= 1.0.1 - Authentication Bypass via Facebook Login Callback
CVSS 8.1