Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-27581

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-23 Apr, 2025 | 00:00
Updated At-24 Apr, 2025 | 14:54
Rejected At-
Credits

NIH BRICS (aka Biomedical Research Informatics Computing System) through 14.0.0-67 allows users who lack the InET role to access the InET module via direct requests to known endpoints.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:23 Apr, 2025 | 00:00
Updated At:24 Apr, 2025 | 14:54
Rejected At:
▼CVE Numbering Authority (CNA)

NIH BRICS (aka Biomedical Research Informatics Computing System) through 14.0.0-67 allows users who lack the InET role to access the InET module via direct requests to known endpoints.

Affected Products
Vendor
NIH
Product
BRICS
Default Status
unknown
Versions
Affected
  • From 0 through 14.0.0-67 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-425CWE-425 Direct Request ('Forced Browsing')
Type: CWE
CWE ID: CWE-425
Description: CWE-425 Direct Request ('Forced Browsing')
Metrics
VersionBase scoreBase severityVector
3.14.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/brics-dev/brics
N/A
https://brics.cit.nih.gov
N/A
https://github.com/RoseHacks/Vulnerability.Research/blob/main/CVE-2025-27581/README.md
N/A
Hyperlink: https://github.com/brics-dev/brics
Resource: N/A
Hyperlink: https://brics.cit.nih.gov
Resource: N/A
Hyperlink: https://github.com/RoseHacks/Vulnerability.Research/blob/main/CVE-2025-27581/README.md
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:24 Apr, 2025 | 00:15
Updated At:29 Apr, 2025 | 13:52

NIH BRICS (aka Biomedical Research Informatics Computing System) through 14.0.0-67 allows users who lack the InET role to access the InET module via direct requests to known endpoints.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.14.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Type: Secondary
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-425Secondarycve@mitre.org
CWE ID: CWE-425
Type: Secondary
Source: cve@mitre.org
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://brics.cit.nih.govcve@mitre.org
N/A
https://github.com/RoseHacks/Vulnerability.Research/blob/main/CVE-2025-27581/README.mdcve@mitre.org
N/A
https://github.com/brics-dev/bricscve@mitre.org
N/A
Hyperlink: https://brics.cit.nih.gov
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://github.com/RoseHacks/Vulnerability.Research/blob/main/CVE-2025-27581/README.md
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://github.com/brics-dev/brics
Source: cve@mitre.org
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

5Records found
CVE-2023-22834
Matching Score-4
Assigner-Palantir Technologies
ShareView Details
Matching Score-4
Assigner-Palantir Technologies
CVSS Score-2.7||LOW
EPSS-0.04% / 9.48%
||
7 Day CHG~0.00%
Published-26 Jun, 2023 | 23:06
Updated-07 Nov, 2024 | 18:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
The contour service was not checking that users had permission to create an analysis for a given dataset

The Contour Service was not checking that users had permission to create an analysis for a given dataset. This could allow an attacker to clutter up Compass folders with extraneous analyses, that the attacker would otherwise not have permission to create.

Action-Not Available
Vendor-palantirPalantir
Product-contourcom.palantir.contour:contour-dispatch
CWE ID-CWE-425
Direct Request ('Forced Browsing')
CWE ID-CWE-862
Missing Authorization
CVE-2024-0456
Matching Score-4
Assigner-GitLab Inc.
ShareView Details
Matching Score-4
Assigner-GitLab Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 28.60%
||
7 Day CHG~0.00%
Published-26 Jan, 2024 | 01:02
Updated-29 May, 2025 | 15:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Direct Request ('Forced Browsing') in GitLab

An authorization vulnerability exists in GitLab versions 14.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. An unauthorized attacker is able to assign arbitrary users to MRs that they created within the project

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-425
Direct Request ('Forced Browsing')
CVE-2024-0861
Matching Score-4
Assigner-GitLab Inc.
ShareView Details
Matching Score-4
Assigner-GitLab Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.02% / 4.11%
||
7 Day CHG~0.00%
Published-21 Feb, 2024 | 23:30
Updated-22 May, 2025 | 04:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Direct Request ('Forced Browsing') in GitLab

An issue has been discovered in GitLab EE affecting all versions starting from 16.4 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. Users with the `Guest` role can change `Custom dashboard projects` settings contrary to permissions.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-425
Direct Request ('Forced Browsing')
CVE-2023-44320
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-4.3||MEDIUM
EPSS-0.18% / 39.77%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 11:03
Updated-11 Feb, 2025 | 11:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V7.2.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V7.2.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V7.2.2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V7.2.2), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V7.2.2), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V7.2.2), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V7.2.2), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V7.2.2), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V7.2.2), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V7.2.2), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V7.2.2), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V7.2.2), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V7.2.2), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V7.2.2), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V7.2.2), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V7.2.2), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V7.2.2), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V7.2.2), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V7.2.2), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V7.2.2), SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0) (All versions < V3.0.0), SCALANCE WAM763-1 (6GK5763-1AL00-7DA0) (All versions < V3.0.0), SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0) (All versions < V3.0.0), SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0) (All versions < V3.0.0), SCALANCE WAM766-1 (6GK5766-1GE00-7DA0) (All versions < V3.0.0), SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0) (All versions < V3.0.0), SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0) (All versions < V3.0.0), SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0) (All versions < V3.0.0), SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0) (All versions < V3.0.0), SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0) (All versions < V3.0.0), SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0) (All versions < V3.0.0), SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0) (All versions < V3.0.0), SCALANCE WUM763-1 (6GK5763-1AL00-3AA0) (All versions < V3.0.0), SCALANCE WUM763-1 (6GK5763-1AL00-3DA0) (All versions < V3.0.0), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0) (All versions < V3.0.0), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0) (All versions < V3.0.0), SCALANCE WUM766-1 (6GK5766-1GE00-3DA0) (All versions < V3.0.0), SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0) (All versions < V3.0.0), SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0) (All versions < V3.0.0). Affected devices do not properly validate the authentication when performing certain modifications in the web interface allowing an authenticated attacker to influence the user interface configured by an administrator.

Action-Not Available
Vendor-Siemens AG
Product-6gk5213-3bd00-2ab26gk5213-3bf00-2ab2_firmware6gk5208-0ga00-2fc2_firmware6gk5208-0ua00-5es66gk5208-0ba00-2ac2_firmware6gk5205-3bf00-2tb2_firmware6gk5328-4ss00-2ar3_firmware6gk5216-4gs00-2ac26gk5224-4gs00-2tc26gk5205-3bb00-2tb2_firmware6gk5326-2qs00-3ar3_firmware6gk5216-4gs00-2fc2_firmware6gk5328-4fs00-3ar3_firmware6gk5328-4fs00-3rr36gk5216-0ba00-2ab26gk5328-4fs00-3rr3_firmware6gk5208-0ha00-2es6_firmware6gk5204-0ba00-2gf2_firmware6gk5213-3bf00-2ab26gk5206-2bs00-2ac26gk5213-3bb00-2tb2_firmware6gk5204-2aa00-2yf26ag1206-2bs00-7ac26gk5208-0ba00-2ab26gk5208-0ba00-2tb26gk5205-3bd00-2ab26gk5216-0ba00-2fc2_firmware6gk5216-0ha00-2as66gk5205-3bf00-2ab2_firmware6gk5216-0ua00-5es66gk5328-4fs00-2ar3_firmware6gk5224-4gs00-2fc2_firmware6gk5204-0ba00-2gf26gk5205-3bf00-2ab26gk5208-0ga00-2tc26gk5206-2bs00-2fc26gk5206-2gs00-2ac2_firmware6gk5208-0ha00-2es66gk5208-0ba00-2ab2_firmware6gk5216-3rs00-5ac2_firmware6gk5208-0ua00-5es6_firmware6gk5324-0ba00-2ar36gk5328-4fs00-2rr36gk5206-2rs00-2ac2_firmware6gk5208-0ba00-2fc2_firmware6gk5206-2rs00-5ac26gk5224-0ba00-2ac2_firmware6gk5224-4gs00-2ac2_firmware6gk5206-2gs00-2fc2_firmware6gk5208-0ha00-2as6_firmware6gk5205-3bd00-2ab2_firmware6ag1206-2bb00-7ac26ag1216-4bs00-7ac2_firmware6gk5205-3bb00-2tb26gk5324-0ba00-3ar36gk5206-2bd00-2ac26gk5326-2qs00-3rr3_firmware6gk5208-0ha00-2ts6_firmware6gk5206-2rs00-5fc26gk5216-0ua00-5es6_firmware6gk5216-0ha00-2ts6_firmware6gk5328-4fs00-2rr3_firmware6gk5216-4gs00-2fc26gk5213-3bb00-2tb26gk5208-0ga00-2tc2_firmware6gk5213-3bf00-2tb26gk5208-0ha00-2as66gk5224-0ba00-2ac26gk5206-2bd00-2ac2_firmware6gk5213-3bf00-2tb2_firmware6gk5328-4ss00-3ar36gk5216-0ha00-2ts66gk5208-0ba00-2tb2_firmware6gk5205-3bb00-2ab2_firmware6gk5216-3rs00-2ac2_firmware6gk5206-2rs00-5ac2_firmware6gk5216-0ba00-2fc26gk5328-4fs00-2ar36gk5206-2bs00-2fc2_firmware6gk5208-0ga00-2ac2_firmware6ag1206-2bs00-7ac2_firmware6gk5224-4gs00-2ac26gk5216-0ba00-2ac26gk5206-2bb00-2ac26gk5208-0ga00-2ac26ag1208-0ba00-7ac2_firmware6gk5206-2gs00-2tc26gk5208-0ra00-5ac2_firmware6gk5206-2gs00-2fc26gk5213-3bb00-2ab2_firmware6gk5216-4bs00-2ac2_firmware6gk5213-3bd00-2ab2_firmware6gk5326-2qs00-3rr36gk5206-2rs00-5fc2_firmware6gk5216-3rs00-5ac26gk5205-3bd00-2tb26gk5204-2aa00-2yf2_firmware6gk5216-0ha00-2as6_firmware6gk5204-2aa00-2gf26gk5213-3bd00-2tb26gk5216-0ba00-2tb26gk5216-0ha00-2es6_firmware6gk5324-0ba00-2ar3_firmware6gk5216-4gs00-2tc26ag1208-0ba00-7ac26gk5328-4fs00-3ar36gk5216-4gs00-2ac2_firmware6gk5216-0ba00-2tb2_firmware6gk5206-2rs00-2ac26gk5208-0ga00-2fc26gk5208-0ha00-2ts66gk5216-0ha00-2es66gk5208-0ra00-5ac26gk5206-2bb00-2ac2_firmware6gk5206-2gs00-2ac26gk5216-0ba00-2ac2_firmware6gk5224-4gs00-2fc26gk5216-4gs00-2tc2_firmware6ag1216-4bs00-7ac26gk5205-3bd00-2tb2_firmware6gk5324-0ba00-3ar3_firmware6gk5205-3bb00-2ab26gk5208-0ba00-2fc26gk5224-4gs00-2tc2_firmware6gk5206-2gs00-2tc2_firmware6gk5208-0ba00-2ac26gk5204-2aa00-2gf2_firmware6gk5326-2qs00-3ar36gk5216-4bs00-2ac26gk5328-4ss00-3ar3_firmware6gk5213-3bd00-2tb2_firmware6gk5204-0ba00-2yf2_firmware6gk5206-2bs00-2ac2_firmware6gk5213-3bb00-2ab26gk5216-0ba00-2ab2_firmware6ag1206-2bb00-7ac2_firmware6gk5205-3bf00-2tb26gk5204-0ba00-2yf26gk5216-3rs00-2ac26gk5208-0ra00-2ac2_firmware6gk5208-0ra00-2ac26gk5328-4ss00-2ar3SCALANCE S615 LAN-RouterSCALANCE WUM766-1 (USA)SCALANCE WAM766-1 (ME)SCALANCE M804PBSCALANCE M876-3 (ROK)SCALANCE MUM856-1 (EU)SCALANCE M826-2 SHDSL-RouterRUGGEDCOM RM1224 LTE(4G) EUSCALANCE M816-1 ADSL-RouterSCALANCE M874-2SCALANCE M876-3SCALANCE WUB762-1 iFeaturesSCALANCE M876-4SCALANCE M876-4 (EU)SCALANCE WAM763-1SCALANCE WUM766-1SCALANCE WAM766-1 (US)RUGGEDCOM RM1224 LTE(4G) NAMSCALANCE M874-3SCALANCE WAM763-1 (ME)SCALANCE WAM763-1 (US)SCALANCE WAB762-1SCALANCE S615 EEC LAN-RouterSCALANCE WAM766-1 EECSCALANCE MUM853-1 (EU)SCALANCE WAM766-1 EEC (US)SCALANCE WUM763-1 (US)SCALANCE WAM766-1SCALANCE WUM763-1SCALANCE WUB762-1SCALANCE MUM856-1 (RoW)SCALANCE WUM766-1 (ME)SCALANCE M812-1 ADSL-RouterSCALANCE WAM766-1 EEC (ME)SCALANCE M876-4 (NAM)
CWE ID-CWE-425
Direct Request ('Forced Browsing')
CVE-2023-4018
Matching Score-4
Assigner-GitLab Inc.
ShareView Details
Matching Score-4
Assigner-GitLab Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.12% / 32.12%
||
7 Day CHG~0.00%
Published-01 Sep, 2023 | 10:30
Updated-25 Jun, 2025 | 14:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Direct Request ('Forced Browsing') in GitLab

An issue has been discovered in GitLab affecting all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. Due to improper permission validation it was possible to create model experiments in public projects.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-425
Direct Request ('Forced Browsing')
Details not found