Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-441

CWE-441

Unintended Proxy or Intermediary ('Confused Deputy')

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

The product receives a request, message, or directive from an upstream component, but the product does not sufficiently preserve the original source of the request before forwarding the request to an external actor that is outside of the product's control sphere. This causes the product to appear to be the source of the request, leading it to act as a proxy or other intermediary between the upstream component and the external actor.

92 vulnerabilities with CWE-441

CVE-2025-48545 HIGH

Android - Local Privilege Escalation via AccountManagerService Confused Deputy

CVE-2025-48532 HIGH

markMediaAsFavorite - Privilege Escalation

CVE-2025-48529 MEDIUM

VoicemailNotificationSettingsUtil - Info Disclosure

CVE-2025-32346 HIGH

VoicemailSettingsActivity - Privilege Escalation

CVE-2025-32326 HIGH

AppRestrictionsFragment - Privilege Escalation

CVE-2025-32324 HIGH

Android - Unintended Proxy or Intermediary in ActivityManagerShellCommand

CVE-2025-32321 HIGH

Android - Local Privilege Escalation via Confused Deputy in AccountTypePreferenceLoader

CVE-2025-26454 HIGH

Android - Local Privilege Escalation via DisclaimersParserImpl Confused Deputy

CVE-2025-22441 HIGH

Android - Local Privilege Escalation via RemoteViews Confused Deputy

CVE-2025-26452 HIGH

Android - Local Privilege Escalation via Confused Deputy in ResourcesImpl

CVE-2025-22418 HIGH

Multiple Locations - Privilege Escalation

CVE-2025-22416 HIGH

Android - Unintended Proxy or Intermediary in ChooserActivity

CVE-2025-48710 MEDIUM

kro 0.1.0-0.2.1 - Attacker-Controlled Container Image Execution

CVE-2025-47269 HIGH

code-server < 4.99.4 - Unintended Proxy via Malicious URL

CVE-2025-25061 MEDIUM

HMI ViewJet/HMI GC-A2 - Info Disclosure

CVE-2025-25306 CRITICAL

Misskey < 2025.2.1 - Unintended Proxy via ActivityPub Object Field Validation Bypass

CVE-2025-23217 HIGH

mitmproxy < 11.1.2 - Server-Side Request Forgery via Proxy to Internal API

CVE-2024-9870 MEDIUM

GitLab 15.11-17.6.5, 17.7-17.7.4, 17.8-17.8.2 - Server-Side Request Forgery

CVE-2024-30128 HIGH

HCL Nomad Server on Domino - Open Proxy IP Masking

CVE-2024-31319 HIGH

Android - Local Privilege Escalation via Notification Channel Update Confused Deputy

CVE-2024-34068 MEDIUM

Pterodactyl Panel <1.11.2 - Auth Bypass

CVE-2023-31313 HIGH

AMD PMFW - Privileged SMU Message Arbitrary Code Execution

CVE-2023-40111 HIGH

Android - Local Privilege Escalation via MediaSessionRecord Confused Deputy

CVE-2023-33188 MEDIUM

Omni-notes < 6.2.6 - Unintended File Copy via Insufficient Path Validation

CVE-2023-21082 MEDIUM

Android - Local Information Disclosure via Confused Deputy in NewOutgoingCallIntentBroadcaster

Previous Page 3 of 4 Next

Details

Vulnerabilities 92

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy