Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-12445

Summary
Assigner-Chrome
Assigner Org ID-ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28
Published At-10 Nov, 2025 | 20:00
Updated At-12 Nov, 2025 | 21:02
Rejected At-
Credits

Policy bypass in Extensions in Google Chrome prior to 142.0.7444.59 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: Low)

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Chrome
Assigner Org ID:ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28
Published At:10 Nov, 2025 | 20:00
Updated At:12 Nov, 2025 | 21:02
Rejected At:
▼CVE Numbering Authority (CNA)

Policy bypass in Extensions in Google Chrome prior to 142.0.7444.59 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: Low)

Affected Products
Vendor
Google LLCGoogle
Product
Chrome
Versions
Affected
  • From 142.0.7444.59 before 142.0.7444.59 (custom)
Problem Types
TypeCWE IDDescription
N/AN/APolicy bypass
Type: N/A
CWE ID: N/A
Description: Policy bypass
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop_28.html
N/A
https://issues.chromium.org/issues/428397712
N/A
Hyperlink: https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop_28.html
Resource: N/A
Hyperlink: https://issues.chromium.org/issues/428397712
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-288CWE-288 Authentication Bypass Using an Alternate Path or Channel
Type: CWE
CWE ID: CWE-288
Description: CWE-288 Authentication Bypass Using an Alternate Path or Channel
Metrics
VersionBase scoreBase severityVector
3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:chrome-cve-admin@google.com
Published At:10 Nov, 2025 | 20:15
Updated At:13 Nov, 2025 | 15:21

Policy bypass in Extensions in Google Chrome prior to 142.0.7444.59 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: Low)

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Type: Secondary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CPE Matches
Google LLC
google
>>chrome>>Versions before 142.0.7444.59(exclusive)
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
Apple Inc.
apple
>>macos>>-
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>-
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows>>-
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-288Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-288
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop_28.htmlchrome-cve-admin@google.com
Release Notes
Vendor Advisory
https://issues.chromium.org/issues/428397712chrome-cve-admin@google.com
Issue Tracking
Permissions Required
Hyperlink: https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop_28.html
Source: chrome-cve-admin@google.com
Resource:
Release Notes
Vendor Advisory
Hyperlink: https://issues.chromium.org/issues/428397712
Source: chrome-cve-admin@google.com
Resource:
Issue Tracking
Permissions Required

Change History

0
Information is not available yet

Similar CVEs

58Records found
CVE-2023-23503
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 2.05%
||
7 Day CHG~0.00%
Published-27 Feb, 2023 | 00:00
Updated-12 Mar, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3, iOS 15.7.3 and iPadOS 15.7.3, tvOS 16.3, watchOS 9.3. An app may be able to bypass Privacy preferences.

Action-Not Available
Vendor-Apple Inc.
Product-tvosmacosiphone_osipadoswatchoswatchOSmacOStvOSiOS and iPadOS
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CVE-2023-21098
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.02% / 4.27%
||
7 Day CHG~0.00%
Published-19 Apr, 2023 | 00:00
Updated-05 Feb, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In multiple functions of AccountManagerService.java, there is a possible loading of arbitrary code into the System Settings app due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-260567867

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CVE-2024-7125
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.03% / 8.10%
||
7 Day CHG~0.00%
Published-27 Aug, 2024 | 04:15
Updated-21 Jan, 2025 | 19:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authentication Bypass Vulnerability in Hitachi Ops Center Common Services

Authentication Bypass vulnerability in Hitachi Ops Center Common Services.This issue affects Hitachi Ops Center Common Services: from 10.9.3-00 before 11.0.2-01.

Action-Not Available
Vendor-Linux Kernel Organization, IncHitachi, Ltd.
Product-ops_center_common_serviceslinux_kernelHitachi Ops Center Common Servicesops_center_common_services
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2021-26634
Matching Score-6
Assigner-KrCERT/CC
ShareView Details
Matching Score-6
Assigner-KrCERT/CC
CVSS Score-9.8||CRITICAL
EPSS-0.50% / 65.30%
||
7 Day CHG~0.00%
Published-01 Jun, 2022 | 14:59
Updated-03 Aug, 2024 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Maxboard multiple vulnerabilities

SQL injection and file upload attacks are possible due to insufficient validation of input values in some parameters and variables of files compromising Maxboard, which may lead to arbitrary code execution or privilege escalation. Attackers can use these vulnerabilities to perform attacks such as stealing server management rights using a web shell.

Action-Not Available
Vendor-maxbMax YiLinux Kernel Organization, Inc
Product-linux_kernelmaxboardMaxboard
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2020-1637
Matching Score-4
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Juniper Networks, Inc.
CVSS Score-7.2||HIGH
EPSS-0.19% / 40.35%
||
7 Day CHG~0.00%
Published-08 Apr, 2020 | 19:26
Updated-16 Sep, 2024 | 23:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: SRX Series: Unified Access Control (UAC) bypass vulnerability

A vulnerability in Juniper Networks SRX Series device configured as a Junos OS Enforcer device may allow a user to access network resources that are not permitted by a UAC policy. This issue might occur when the IP address range configured in the Infranet Controller (IC) is configured as an IP address range instead of an IP address/netmask. See the Workaround section for more detail. The Junos OS Enforcer CLI settings are disabled by default. This issue affects Juniper Networks Junos OS on SRX Series: 12.3X48 versions prior to 12.3X48-D100; 15.1X49 versions prior to 15.1X49-D210; 17.3 versions prior to 17.3R2-S5, 17.3R3-S8; 17.4 versions prior to 17.4R2-S9, 17.4R3-S1; 18.1 versions prior to 18.1R3-S10; 18.2 versions prior to 18.2R2-S7, 18.2R3-S3; 18.3 versions prior to 18.3R1-S7, 18.3R3-S2; 18.4 versions prior to 18.4R1-S6, 18.4R2-S4, 18.4R3-S1; 19.1 versions prior to 19.1R1-S4, 19.1R2-S1, 19.1R3; 19.2 versions prior to 19.2R1-S3, 19.2R2; 19.3 versions prior to 19.3R2-S1, 19.3R3; 19.4 versions prior to 19.4R1-S1, 19.4R2.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junosJunos OS
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CWE ID-CWE-287
Improper Authentication
CVE-2024-5620
Matching Score-4
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
ShareView Details
Matching Score-4
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 18.81%
||
7 Day CHG~0.00%
Published-18 Jul, 2024 | 17:00
Updated-01 Aug, 2024 | 21:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authentication Bypass in PruvaSoft Informatics' Apinizer Management Console

Authentication Bypass Using an Alternate Path or Channel vulnerability in PruvaSoft Informatics Apinizer Management Console allows Authentication Bypass.This issue affects Apinizer Management Console: before 2024.05.1.

Action-Not Available
Vendor-PruvaSoft Informaticsapinizer
Product-Apinizer Management Consoleapinizer
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CVE-2023-20018
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.46% / 63.84%
||
7 Day CHG~0.00%
Published-19 Jan, 2023 | 01:35
Updated-02 Aug, 2024 | 08:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the web-based management interface of Cisco IP Phone 7800 and 8800 Series Phones could allow an unauthenticated, remote attacker to bypass authentication on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to access certain parts of the web interface that would normally require authentication.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ip_phone_8841ip_phones_8832_firmwareunified_ip_phone_8865nrip_phone_8832ip_phone_8861ip_phone_8831_firmwareip_phone_8831ip_phone_8845_firmwareip_phone_7841ip_phones_8832ip_phone_7811_firmwareip_phone_8811wireless_ip_phone_8821-ex_firmwareip_phone_7800ip_phone_7832ip_phone_8811_firmwareip_phone_8821ip_phone_7861_firmwareip_phone_8821_firmwareip_phone_8845ip_phone_8821-exip_phone_8851_firmwareip_phone_7800_firmwareip_phone_7821_firmwareip_phone_8841_firmwareip_phone_8865_firmwareip_phone_8865unified_ip_phone_8851nrip_phone_8821-ex_firmwareip_phone_7841_firmwareip_phone_8832_firmwarewireless_ip_phone_8821-exunified_ip_phone_8851nr_firmwareip_phone_7832_firmwareip_phone_7811ip_phone_7861ip_phone_8851ip_phone_8800ip_phone_8861_firmwarewireless_ip_phone_8821ip_phone_7821wireless_ip_phone_8821_firmwareunified_ip_phone_8865nr_firmwareip_phone_8800_firmwareCisco Session Initiation Protocol (SIP) Software
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-0948
Matching Score-4
Assigner-Drupal.org
ShareView Details
Matching Score-4
Assigner-Drupal.org
CVSS Score-6.5||MEDIUM
EPSS-0.05% / 14.18%
||
7 Day CHG+0.01%
Published-04 Feb, 2026 | 20:26
Updated-11 Feb, 2026 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Entra ID SSO Login - Critical - Access bypass - SA-CONTRIB-2026-005

Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Microsoft Entra ID SSO Login allows Privilege Escalation.This issue affects Microsoft Entra ID SSO Login: from 0.0.0 before 1.0.4.

Action-Not Available
Vendor-jaseerkinangattilThe Drupal Association
Product-microsoft_entra_id_sso_loginMicrosoft Entra ID SSO Login
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
  • Previous
  • 1
  • 2
  • Next
Details not found