Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-441

CWE-441

Unintended Proxy or Intermediary ('Confused Deputy')

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

The product receives a request, message, or directive from an upstream component, but the product does not sufficiently preserve the original source of the request before forwarding the request to an external actor that is outside of the product's control sphere. This causes the product to appear to be the source of the request, leading it to act as a proxy or other intermediary between the upstream component and the external actor.

80 vulnerabilities with CWE-441

CVE-2025-36889 MEDIUM

Google Android - Information Disclosure

CVE-2025-48628 HIGH

PrintManagerService - Privilege Escalation

CVE-2025-48598 MEDIUM

Face Unlock Settings - Privilege Escalation

CVE-2025-48586 HIGH

EditFdnContactScreen - Info Disclosure

CVE-2025-48555 HIGH

NotificationStation - Info Disclosure

CVE-2025-48536 HIGH

SettingsSliceProvider - Privilege Escalation

CVE-2025-22420 HIGH

Multiple Locations - Info Disclosure

CVE-2025-66415 MEDIUM

Fastify-reply-from <12.5.0 - SSRF

CVE-2025-61780 MEDIUM

Rack < 2.2.20 - Information Disclosure

CVE-2025-32320 HIGH

System UI - Privilege Escalation

CVE-2025-32317 MEDIUM

Google Android - Information Disclosure

CVE-2025-48560 MEDIUM

AndroidManifest.xml - Info Disclosure

CVE-2025-48551 MEDIUM

Android - Info Disclosure

CVE-2025-48545 HIGH

Android - Privilege Escalation

CVE-2025-48532 HIGH

markMediaAsFavorite - Privilege Escalation

CVE-2025-48529 MEDIUM

VoicemailNotificationSettingsUtil - Info Disclosure

CVE-2025-32346 HIGH

VoicemailSettingsActivity - Privilege Escalation

CVE-2025-32326 HIGH

AppRestrictionsFragment - Privilege Escalation

CVE-2025-32324 HIGH

Java - Privilege Escalation

CVE-2025-32321 HIGH

Android - Privilege Escalation

CVE-2025-26454 HIGH

Java - Privilege Escalation

CVE-2025-22441 HIGH

Java - Privilege Escalation

CVE-2025-26452 HIGH

Android - Privilege Escalation

CVE-2025-22418 HIGH

Multiple Locations - Privilege Escalation

CVE-2025-22416 HIGH

ChooserActivity - Info Disclosure

Previous Page 2 of 4 Next

Details

Vulnerabilities 80

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy