CVE-2023-25445

MEDIUM EXPLOITED

HappyFiles Pro < 1.8.1 - Missing Authorization

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2023-25445 has been observed exploited in the wild (reported by VulnCheck KEV).

Description

Missing Authorization vulnerability in HappyFiles HappyFiles Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HappyFiles Pro: from n/a through 1.8.1.

Scores

CVSS v3 5.4
EPSS 0.0021
EPSS Percentile 11.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

VulnCheck KEV 2023-03-29
CWE
CWE-862
Status published
Products (1)
HappyFiles/HappyFiles Pro < 1.8.1
Published Dec 21, 2025
Tracked Since Feb 18, 2026