Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-3091

Summary
Assigner-CERTVDE
Assigner Org ID-270ccfa6-a436-4e77-922e-914ec3a9685c
Published At-24 Jun, 2025 | 08:10
Updated At-24 Jun, 2025 | 13:56
Rejected At-
Credits

MB connect line: Authorization bypass in mbCONNECT24/mymbCONNECT24

An low privileged remote attacker in possession of the second factor for another user can login as that user without knowledge of the other user`s password.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:CERTVDE
Assigner Org ID:270ccfa6-a436-4e77-922e-914ec3a9685c
Published At:24 Jun, 2025 | 08:10
Updated At:24 Jun, 2025 | 13:56
Rejected At:
▼CVE Numbering Authority (CNA)
MB connect line: Authorization bypass in mbCONNECT24/mymbCONNECT24

An low privileged remote attacker in possession of the second factor for another user can login as that user without knowledge of the other user`s password.

Affected Products
Vendor
MB connect line
Product
mbCONNECT24
Default Status
unaffected
Versions
Affected
  • From 0 before 2.16.5 (semver)
Vendor
MB connect line
Product
mymbCONNECT24
Default Status
unaffected
Versions
Affected
  • From 0 before 2.18.0 (semver)
Vendor
MB connect line
Product
mymbCONNECT24
Default Status
unaffected
Versions
Affected
  • From 0 before 2.18.0 (semver)
Vendor
MB connect line
Product
mymbCONNECT24
Default Status
unaffected
Versions
Affected
  • From 0 before 2.16.5 (semver)
Vendor
Helmholz
Product
myREX24
Default Status
unaffected
Versions
Affected
  • From 0 before 2.18.0 (semver)
Vendor
Helmholz
Product
myREX24
Default Status
unaffected
Versions
Affected
  • From 0 before 2.16.5 (semver)
Vendor
Helmholz
Product
myREX24.virtual
Default Status
unaffected
Versions
Affected
  • From 0 before 2.18.0 (semver)
Vendor
Helmholz
Product
myREX24.virtual
Default Status
unaffected
Versions
Affected
  • From 0 before 2.16.5 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-639CWE-639 Authorization Bypass Through User-Controlled Key
Type: CWE
CWE ID: CWE-639
Description: CWE-639 Authorization Bypass Through User-Controlled Key
Metrics
VersionBase scoreBase severityVector
3.17.5HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Peter Husted Simonsen
finder
Irwin Przeperski
reporter
Eviden
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://certvde.com/en/advisories/VDE-2025-035
N/A
https://certvde.com/en/advisories/VDE-2025-038
N/A
Hyperlink: https://certvde.com/en/advisories/VDE-2025-035
Resource: N/A
Hyperlink: https://certvde.com/en/advisories/VDE-2025-038
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:info@cert.vde.com
Published At:24 Jun, 2025 | 09:15
Updated At:26 Jun, 2025 | 18:58

An low privileged remote attacker in possession of the second factor for another user can login as that user without knowledge of the other user`s password.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-639Primaryinfo@cert.vde.com
CWE ID: CWE-639
Type: Primary
Source: info@cert.vde.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://certvde.com/en/advisories/VDE-2025-035info@cert.vde.com
N/A
https://certvde.com/en/advisories/VDE-2025-038info@cert.vde.com
N/A
Hyperlink: https://certvde.com/en/advisories/VDE-2025-035
Source: info@cert.vde.com
Resource: N/A
Hyperlink: https://certvde.com/en/advisories/VDE-2025-038
Source: info@cert.vde.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

7Records found
CVE-2023-0985
Matching Score-6
Assigner-CERT@VDE
ShareView Details
Matching Score-6
Assigner-CERT@VDE
CVSS Score-8.8||HIGH
EPSS-0.03% / 7.63%
||
7 Day CHG~0.00%
Published-06 Jun, 2023 | 10:06
Updated-07 Jan, 2025 | 19:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Helmholz and MB Connect Line: Account takeover via password reset in multiple products

An Authorization Bypass vulnerability was found in MB Connect Lines mbCONNECT24, mymbCONNECT24 and Helmholz' myREX24 and myREX24.virtual version <= 2.13.3. An authenticated remote user with low privileges can change the password of any user in the same account. This allows to take over the admin user and therefore fully compromise the account.

Action-Not Available
Vendor-mbconnectlineHelmholzMB Connect Line
Product-mymbconnect24mbconnect24mymbCONNECT24mbCONNECT24myREX24myREX24.virtual
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2026-45398
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-Not Assigned
Published-15 May, 2026 | 20:35
Updated-15 May, 2026 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Open WebUI: IDOR - Retrieval API Bypasses Knowledge Base Access Controls

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, _validate_collection_access() checks the user-memory-* and file-* collection name prefixes but does not check knowledge base collections, which use raw UUIDs as collection names. Any authenticated user who knows a private knowledge base UUID can read its content through the retrieval query endpoints, even though the knowledge API correctly denies that user access. The same gap affects the retrieval write endpoints (/process/text, /process/file, /process/files/batch, /process/web, /process/youtube), allowing an attacker to inject content into or overwrite another user's knowledge base. This vulnerability is fixed in 0.9.5.

Action-Not Available
Vendor-open-webui
Product-open-webui
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2022-2193
Matching Score-4
Assigner-HYPR Corp
ShareView Details
Matching Score-4
Assigner-HYPR Corp
CVSS Score-7.5||HIGH
EPSS-0.86% / 75.25%
||
7 Day CHG~0.00%
Published-19 Jul, 2022 | 14:07
Updated-03 Aug, 2024 | 00:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insecure Direct Object Reference vulnerability in HYPR Server before version 6.14.1 allows remote authenticated attackers to add a FIDO2 authenticator to arbitrary accounts via parameter tampering in the Device Manager page. This issue affects: HYPR Server versions prior to 6.14.1.

Action-Not Available
Vendor-hyprHYPR
Product-hypr_serverHYPR Server
CWE ID-CWE-280
Improper Handling of Insufficient Permissions or Privileges
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2025-64706
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5||MEDIUM
EPSS-0.05% / 14.20%
||
7 Day CHG~0.00%
Published-13 Nov, 2025 | 17:49
Updated-30 Jan, 2026 | 14:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Typebot IDOR Vulnerability: Unauthorized API Token Deletion and Exposure

Typebot is an open-source chatbot builder. In version 3.9.0 up to but excluding version 3.13.0, an Insecure Direct Object Reference (IDOR) vulnerability exists in the API token management endpoint. An authenticated attacker can delete any user's API token and retrieve its value by simply knowing the target user's ID and token ID, without requiring authorization checks. Version 3.13.0 fixes the issue.

Action-Not Available
Vendor-typebotbaptisteArno
Product-typebottypebot.io
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2025-36365
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.01% / 2.93%
||
7 Day CHG~0.00%
Published-30 Jan, 2026 | 21:27
Updated-26 Feb, 2026 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 Privilege Escalation

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 under specific configuration of cataloged remote storage aliases could allow an authenticated user to execute unauthorized commands due to an authorization bypass vulnerability using a user-controlled key.

Action-Not Available
Vendor-IBM Corporation
Product-db2Db2 for Linux, UNIX and Windows
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2025-13768
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-7.7||HIGH
EPSS-0.16% / 36.35%
||
7 Day CHG~0.00%
Published-28 Nov, 2025 | 07:31
Updated-01 Dec, 2025 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Uniong|WebITR - Authorization Bypass

WebITR developed by Uniong has an Authentication Bypass vulnerability, allowing authenticated remote attackers to log into the system as any user by modifying a specific parameter. Attackers must first obtain a user ID to exploit this vulnerability.

Action-Not Available
Vendor-uniongUniong
Product-webitrWebITR
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2021-24655
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-7.5||HIGH
EPSS-0.66% / 71.37%
||
7 Day CHG~0.00%
Published-17 Jul, 2022 | 10:35
Updated-03 Aug, 2024 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP User Manager < 2.6.3 - Arbitrary User Password Reset to Account Compromise

The WP User Manager WordPress plugin before 2.6.3 does not ensure that the user ID to reset the password of is related to the reset key given. As a result, any authenticated user can reset the password (to an arbitrary value) of any user knowing only their ID, and gain access to their account.

Action-Not Available
Vendor-wpusermanagerUnknown
Product-wp_user_managerWP User Manager – User Profile Builder & Membership
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
Details not found