CWE-425

Direct Request ('Forced Browsing')

Parent: CWE-862 - Missing Authorization

The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.

226 vulnerabilities with CWE-425
CVE | Severity | CVSS | Affected product - Issue
CVE-2025-11280 | LOW | CVSS 3.7 | Frappe LMS 2.35.0 - Direct Request in Assignment Picture Handler
CVE-2025-59797 | MEDIUM | CVSS 5.8 | Profession Fit 5.0.99 Build 44910 - Auth Bypass
CVE-2025-10287 | LOW | CVSS 3.1 | roncoo-pay <=9428382af21cd5568319eae7429b7e1d0332ff40 orderQuery - Direct Request
CVE-2025-31971 | MEDIUM | CVSS 5.1 | HCL Software AIML Solutions for SX - Server-Side Request Forgery via URL Validation Bypass
CVE-2025-55736 | MEDIUM | CVSS 6.5 | flaskBlog <2.8.0 - Privilege Escalation
CVE-2025-41404 | MEDIUM | CVSS 4.3 | iroha Board <v0.10.12 - Info Disclosure
CVE-2025-53073 | MEDIUM | CVSS 4.2 | Sentry 25.1.0-25.5.1 - Info Disclosure
CVE-2025-52920 | MEDIUM | CVSS 6.4 | InnoShop <= 0.4.1 - Insecure Direct Object Reference via Order ID and Address ID Parameters
CVE-2025-6352 | MEDIUM | CVSS 5.3 | code-projects Automated Voting System 1.0 - Direct Request
CVE-2025-48207 | HIGH | CVSS 8.6 | TYPO3 reint_downloadmanager <5.0.0 - Info Disclosure
CVE-2025-48205 | HIGH | CVSS 8.6 | TYPO3 sr_feuser_register <12.4.8 - Info Disclosure
CVE-2025-48202 | MEDIUM | CVSS 5.3 | TYPO3 femanager <8.2.1 - Info Disclosure
CVE-2025-48201 | HIGH | CVSS 8.6 | TYPO3 ns_backup <13.0.0 - Info Disclosure
CVE-2025-47226 | MEDIUM | CVSS 5.0 | Grokability Snipe-IT <8.1.0 - Info Disclosure
CVE-2025-46690 | MEDIUM | CVSS 5.0 | Ververica Platform 2.14.0 - SQL Injection
CVE-2025-27581 | MEDIUM | CVSS 4.3 | NIH BRICS <14.0.0-67 - Info Disclosure
CVE-2025-2595 | MEDIUM | CVSS 5.3 | CODESYS Visualization - Auth Bypass
CVE-2025-32367 | HIGH | CVSS 8.6 | Oz Forensics <4.0.8 - Info Disclosure
CVE-2025-26689 | CRITICAL | CVSS 9.8 | CHOCO TEI WATCHER mini - Info Disclosure
CVE-2025-1542 | CRITICAL | (not listed) | OXARI ServiceDesk <2.0.324.0 - Privilege Escalation
CVE-2025-2147 | MEDIUM | CVSS 5.3 | Beijing Zhide Intelligent Internet Technology Modern Farm Digital I...
CVE-2024-58343 | MEDIUM | CVSS 4.3 | Vision Helpdesk <5.7.0 - Deserialization
CVE-2024-55075 | MEDIUM | CVSS 4.3 | grocy < 4.3.0 - Unauthenticated Sensitive Information Exposure via Direct Request
CVE-2024-9945 | MEDIUM | CVSS 5.3 | Fortra's GoAnywhere MFT <7.7.0 - Info Disclosure
CVE-2024-11049 | LOW | CVSS 3.7 | ZKTeco ZKBio Time 9.0.1 - Direct Request in Image File Handler