Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-44957

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-04 Aug, 2025 | 00:00
Updated At-05 Aug, 2025 | 17:42
Rejected At-
Credits

Ruckus SmartZone (SZ) before 6.1.2p3 Refresh Build allows authentication bypass via a valid API key and crafted HTTP headers.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:04 Aug, 2025 | 00:00
Updated At:05 Aug, 2025 | 17:42
Rejected At:
▼CVE Numbering Authority (CNA)

Ruckus SmartZone (SZ) before 6.1.2p3 Refresh Build allows authentication bypass via a valid API key and crafted HTTP headers.

Affected Products
Vendor
RUCKUS
Product
SmartZone
Default Status
unaffected
Versions
Affected
  • From 0 before 6.1.2p3 Refresh Build (custom)
Problem Types
TypeCWE IDDescription
CWECWE-288CWE-288 Authentication Bypass Using an Alternate Path or Channel
Type: CWE
CWE ID: CWE-288
Description: CWE-288 Authentication Bypass Using an Alternate Path or Channel
Metrics
VersionBase scoreBase severityVector
3.18.5HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Version: 3.1
Base score: 8.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://kb.cert.org/vuls/id/613753
N/A
https://webresources.commscope.com/download/assets/FAQ+Security+Advisory%3A+ID+20250710/225f44ac3bd311f095821adcaa92e24e
N/A
https://claroty.com/team82/disclosure-dashboard/cve-2025-44957
N/A
Hyperlink: https://kb.cert.org/vuls/id/613753
Resource: N/A
Hyperlink: https://webresources.commscope.com/download/assets/FAQ+Security+Advisory%3A+ID+20250710/225f44ac3bd311f095821adcaa92e24e
Resource: N/A
Hyperlink: https://claroty.com/team82/disclosure-dashboard/cve-2025-44957
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:04 Aug, 2025 | 17:15
Updated At:07 Aug, 2025 | 17:59

Ruckus SmartZone (SZ) before 6.1.2p3 Refresh Build allows authentication bypass via a valid API key and crafted HTTP headers.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.18.5HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Primary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 8.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CPE Matches
commscope
commscope
>>ruckus_smartzone_firmware>>Versions before 6.1.2(exclusive)
cpe:2.3:o:commscope:ruckus_smartzone_firmware:*:*:*:*:*:*:*:*
commscope
commscope
>>ruckus_smartzone_firmware>>6.1.2
cpe:2.3:o:commscope:ruckus_smartzone_firmware:6.1.2:-:*:*:*:*:*:*
commscope
commscope
>>ruckus_smartzone_firmware>>6.1.2
cpe:2.3:o:commscope:ruckus_smartzone_firmware:6.1.2:p2:*:*:*:*:*:*
commscope
commscope
>>ruckus_smartzone_firmware>>6.1.2
cpe:2.3:o:commscope:ruckus_smartzone_firmware:6.1.2:p3:*:*:*:*:*:*
commscope
commscope
>>ruckus_smartzone_firmware>>7.0.0
cpe:2.3:o:commscope:ruckus_smartzone_firmware:7.0.0:*:*:*:*:*:*:*
commscope
commscope
>>ruckus_smartzone_firmware>>7.1.0
cpe:2.3:o:commscope:ruckus_smartzone_firmware:7.1.0:*:*:*:*:*:*:*
commscope
commscope
>>ruckus_virtual_smartzone>>-
cpe:2.3:a:commscope:ruckus_virtual_smartzone:-:*:*:*:*:*:*:*
commscope
commscope
>>ruckus_virtual_smartzone-federal>>-
cpe:2.3:a:commscope:ruckus_virtual_smartzone-federal:-:*:*:*:*:*:*:*
commscope
commscope
>>ruckus_c110>>-
cpe:2.3:h:commscope:ruckus_c110:-:*:*:*:*:*:*:*
commscope
commscope
>>ruckus_e510>>-
cpe:2.3:h:commscope:ruckus_e510:-:*:*:*:*:*:*:*
commscope
commscope
>>ruckus_h320>>-
cpe:2.3:h:commscope:ruckus_h320:-:*:*:*:*:*:*:*
commscope
commscope
>>ruckus_h350>>-
cpe:2.3:h:commscope:ruckus_h350:-:*:*:*:*:*:*:*
commscope
commscope
>>ruckus_h510>>-
cpe:2.3:h:commscope:ruckus_h510:-:*:*:*:*:*:*:*
commscope
commscope
>>ruckus_m510>>-
cpe:2.3:h:commscope:ruckus_m510:-:*:*:*:*:*:*:*
commscope
commscope
>>ruckus_r320>>-
cpe:2.3:h:commscope:ruckus_r320:-:*:*:*:*:*:*:*
commscope
commscope
>>ruckus_r510>>-
cpe:2.3:h:commscope:ruckus_r510:-:*:*:*:*:*:*:*
commscope
commscope
>>ruckus_r560>>-
cpe:2.3:h:commscope:ruckus_r560:-:*:*:*:*:*:*:*
commscope
commscope
>>ruckus_r610>>-
cpe:2.3:h:commscope:ruckus_r610:-:*:*:*:*:*:*:*
commscope
commscope
>>ruckus_r710>>-
cpe:2.3:h:commscope:ruckus_r710:-:*:*:*:*:*:*:*
commscope
commscope
>>ruckus_r720>>-
cpe:2.3:h:commscope:ruckus_r720:-:*:*:*:*:*:*:*
commscope
commscope
>>ruckus_r730>>-
cpe:2.3:h:commscope:ruckus_r730:-:*:*:*:*:*:*:*
commscope
commscope
>>ruckus_r750>>-
cpe:2.3:h:commscope:ruckus_r750:-:*:*:*:*:*:*:*
commscope
commscope
>>ruckus_smartzone_100>>-
cpe:2.3:h:commscope:ruckus_smartzone_100:-:*:*:*:*:*:*:*
commscope
commscope
>>ruckus_smartzone_100-d>>-
cpe:2.3:h:commscope:ruckus_smartzone_100-d:-:*:*:*:*:*:*:*
commscope
commscope
>>ruckus_smartzone_144>>-
cpe:2.3:h:commscope:ruckus_smartzone_144:-:*:*:*:*:*:*:*
commscope
commscope
>>ruckus_smartzone_144-federal>>-
cpe:2.3:h:commscope:ruckus_smartzone_144-federal:-:*:*:*:*:*:*:*
commscope
commscope
>>ruckus_smartzone_300>>-
cpe:2.3:h:commscope:ruckus_smartzone_300:-:*:*:*:*:*:*:*
commscope
commscope
>>ruckus_smartzone_300-federal>>-
cpe:2.3:h:commscope:ruckus_smartzone_300-federal:-:*:*:*:*:*:*:*
commscope
commscope
>>ruckus_t310c>>-
cpe:2.3:h:commscope:ruckus_t310c:-:*:*:*:*:*:*:*
commscope
commscope
>>ruckus_t310d>>-
cpe:2.3:h:commscope:ruckus_t310d:-:*:*:*:*:*:*:*
commscope
commscope
>>ruckus_t310n>>-
cpe:2.3:h:commscope:ruckus_t310n:-:*:*:*:*:*:*:*
commscope
commscope
>>ruckus_t310s>>-
cpe:2.3:h:commscope:ruckus_t310s:-:*:*:*:*:*:*:*
commscope
commscope
>>ruckus_t350se>>-
cpe:2.3:h:commscope:ruckus_t350se:-:*:*:*:*:*:*:*
commscope
commscope
>>ruckus_t750>>-
cpe:2.3:h:commscope:ruckus_t750:-:*:*:*:*:*:*:*
commscope
commscope
>>ruckus_t750se>>-
cpe:2.3:h:commscope:ruckus_t750se:-:*:*:*:*:*:*:*
commscope
commscope
>>ruckus_network_director>>Versions before 4.5.0.51(exclusive)
cpe:2.3:a:commscope:ruckus_network_director:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-288Primarycve@mitre.org
CWE ID: CWE-288
Type: Primary
Source: cve@mitre.org
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://claroty.com/team82/disclosure-dashboard/cve-2025-44957cve@mitre.org
Third Party Advisory
https://kb.cert.org/vuls/id/613753cve@mitre.org
Third Party Advisory
US Government Resource
https://webresources.commscope.com/download/assets/FAQ+Security+Advisory%3A+ID+20250710/225f44ac3bd311f095821adcaa92e24ecve@mitre.org
Vendor Advisory
Hyperlink: https://claroty.com/team82/disclosure-dashboard/cve-2025-44957
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://kb.cert.org/vuls/id/613753
Source: cve@mitre.org
Resource:
Third Party Advisory
US Government Resource
Hyperlink: https://webresources.commscope.com/download/assets/FAQ+Security+Advisory%3A+ID+20250710/225f44ac3bd311f095821adcaa92e24e
Source: cve@mitre.org
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

28Records found
CVE-2022-45701
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-49.00% / 97.69%
||
7 Day CHG~0.00%
Published-17 Feb, 2023 | 00:00
Updated-18 Mar, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Arris TG2482A firmware through 9.1.103GEM9 allow Remote Code Execution (RCE) via the ping utility feature.

Action-Not Available
Vendor-commscopen/a
Product-arris_tg2492_firmwarearris_sbg10_firmwarearris_tg2492arris_tg2482a_firmwarearris_sbg10arris_tg2482an/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2025-46116
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.05% / 15.09%
||
7 Day CHG+0.01%
Published-21 Jul, 2025 | 00:00
Updated-05 Aug, 2025 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, and in Ruckus ZoneDirector prior to 10.5.1.0.279, where an authenticated attacker can disable the passphrase requirement for a hidden CLI command `!v54!` via a management API call and then invoke it to escape the restricted shell and obtain a root shell on the controller.

Action-Not Available
Vendor-ruckuswirelesscommscopen/a
Product-ruckus_r350ruckus_r310ruckus_r510ruckus_r560ruckus_r320ruckus_t670ruckus_t811-cm_\(non-sfp\)ruckus_t310sruckus_t750seruckus_t350cruckus_unleashedruckus_r850ruckus_e510ruckus_c110ruckus_r760ruckus_h320ruckus_t310nruckus_r610ruckus_t750ruckus_r350eruckus_t350seruckus_zonedirectorruckus_m510ruckus_t610ruckus_t350druckus_h550ruckus_r710ruckus_h510ruckus_r750ruckus_r770ruckus_t710ruckus_r550ruckus_r650ruckus_t811-cmzonedirector_1200ruckus_r670ruckus_r720ruckus_t710sruckus_m510-jpruckus_h350ruckus_r730ruckus_t310cn/a
CWE ID-CWE-250
Execution with Unnecessary Privileges
CWE ID-CWE-269
Improper Privilege Management
CVE-2025-44961
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.9||CRITICAL
EPSS-0.15% / 35.62%
||
7 Day CHG~0.00%
Published-04 Aug, 2025 | 00:00
Updated-07 Aug, 2025 | 17:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build, OS command injection can occur via an IP address field provided by an authenticated user.

Action-Not Available
Vendor-commscopeRUCKUS
Product-ruckus_c110ruckus_smartzone_144-federalruckus_h510ruckus_r510ruckus_e510ruckus_h320ruckus_r320ruckus_smartzone_100-druckus_smartzone_300ruckus_network_directorruckus_t350seruckus_smartzone_firmwareruckus_virtual_smartzone-federalruckus_smartzone_300-federalruckus_t310sruckus_h350ruckus_smartzone_100ruckus_m510ruckus_t310cruckus_virtual_smartzoneruckus_t750ruckus_smartzone_144ruckus_r560ruckus_r730ruckus_t750seruckus_t310nruckus_r610ruckus_r710ruckus_r720ruckus_r750ruckus_t310dSmartZone
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-44960
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.5||HIGH
EPSS-0.13% / 32.99%
||
7 Day CHG~0.00%
Published-04 Aug, 2025 | 00:00
Updated-07 Aug, 2025 | 17:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build allows OS command injection via a certain parameter in an API route.

Action-Not Available
Vendor-commscopeRUCKUS
Product-ruckus_c110ruckus_smartzone_144-federalruckus_h510ruckus_r510ruckus_e510ruckus_h320ruckus_r320ruckus_smartzone_100-druckus_smartzone_300ruckus_network_directorruckus_t350seruckus_smartzone_firmwareruckus_virtual_smartzone-federalruckus_smartzone_300-federalruckus_t310sruckus_h350ruckus_smartzone_100ruckus_m510ruckus_t310cruckus_virtual_smartzoneruckus_t750ruckus_smartzone_144ruckus_r560ruckus_r730ruckus_t750seruckus_t310nruckus_r610ruckus_r710ruckus_r720ruckus_r750ruckus_t310dSmartZone
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-33217
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.48% / 63.94%
||
7 Day CHG~0.00%
Published-07 Jul, 2021 | 14:07
Updated-03 Aug, 2024 | 23:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. The Web Application allows Arbitrary Read/Write actions by authenticated users. The API allows an HTTP POST of arbitrary content into any file on the filesystem as root.

Action-Not Available
Vendor-commscopen/a
Product-ruckus_iot_controllern/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-26878
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-48.89% / 97.68%
||
7 Day CHG~0.00%
Published-26 Oct, 2020 | 19:13
Updated-04 Aug, 2024 | 16:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Ruckus through 1.5.1.0.21 is affected by remote command injection. An authenticated user can submit a query to the API (/service/v1/createUser endpoint), injecting arbitrary commands that will be executed as root user via web.py.

Action-Not Available
Vendor-commscopen/a
Product-ruckus_iot_moduleruckus_vriotn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-5190
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-0.11% / 29.71%
||
7 Day CHG~0.00%
Published-30 May, 2025 | 11:15
Updated-30 May, 2025 | 16:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Browse As <= 0.2 - Authenticated (Subscriber+) Authentication Bypass via Cookie

The Browse As plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 0.2. This is due to incorrect authentication checking in the 'IS_BA_Browse_As::notice' function with the 'is_ba_original_user_COOKIEHASH' cookie value. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to log in as any existing user on the site, such as an administrator, if they have access to the user id.

Action-Not Available
Vendor-sorich87
Product-Browse As
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CVE-2024-10002
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-0.85% / 73.92%
||
7 Day CHG~0.00%
Published-22 Oct, 2024 | 04:31
Updated-25 Oct, 2024 | 21:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Rover IDX <= 3.0.0.2905 - Authenticated (Subscriber+) Authentication Bypass to Administrator

The Rover IDX plugin for WordPress is vulnerable to Authentication Bypass in versions up to, and including, 3.0.0.2905. This is due to insufficient validation and capability check on the 'rover_idx_refresh_social_callback' function. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to log in to administrator. The vulnerability is partially patched in version 3.0.0.2905 and fully patched in version 3.0.0.2906.

Action-Not Available
Vendor-roveridxstevemullenroveridx
Product-rover_idxRover IDXrover_idx
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2024-10311
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-7.5||HIGH
EPSS-0.16% / 37.57%
||
7 Day CHG~0.00%
Published-15 Nov, 2024 | 09:29
Updated-19 Nov, 2024 | 17:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
External Database Based Actions <= 0.1 - Authenticated (Subscriber+) Authentication Bypass

The External Database Based Actions plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 0.1. This is due to a missing capability check in the 'edba_admin_handle' function. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to update the plugin settings and log in as any existing user on the site, such as an administrator.

Action-Not Available
Vendor-cmorillas1cmorillas1WordPress.org
Product-external_database_based_actionsExternal Database Based Actionsexternal_database_based_actions
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CVE-2025-47461
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.10% / 28.22%
||
7 Day CHG~0.00%
Published-23 May, 2025 | 12:43
Updated-23 May, 2025 | 15:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Subaccounts for WooCommerce plugin <= 1.6.6 - Account Takeover vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in mediaticus Subaccounts for WooCommerce allows Authentication Abuse. This issue affects Subaccounts for WooCommerce: from n/a through 1.6.6.

Action-Not Available
Vendor-mediaticus
Product-Subaccounts for WooCommerce
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CVE-2025-32976
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.11% / 30.49%
||
7 Day CHG~0.00%
Published-24 Jun, 2025 | 00:00
Updated-26 Jun, 2025 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Quest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 (Patch 5), and 14.1.x before 14.1.101 (Patch 4) contains a logic flaw in its two-factor authentication implementation that allows authenticated users to bypass TOTP-based 2FA requirements. The vulnerability exists in the 2FA validation process and can be exploited to gain elevated access.

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CVE-2025-31019
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.10% / 28.22%
||
7 Day CHG~0.00%
Published-09 Jun, 2025 | 15:56
Updated-12 Jun, 2025 | 16:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Password Policy Manager plugin <= 2.0.4 - Account Takeover vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in miniOrange Password Policy Manager password-policy-manager allows Authentication Abuse.This issue affects Password Policy Manager: from n/a through 2.0.4.

Action-Not Available
Vendor-miniOrange
Product-Password Policy Manager
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CVE-2025-25171
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.07% / 21.11%
||
7 Day CHG~0.00%
Published-27 Jun, 2025 | 11:52
Updated-30 Jun, 2025 | 18:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP SmartPay plugin <= 2.7.13 - Account Takeover vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in ThemesGrove WP SmartPay allows Authentication Abuse. This issue affects WP SmartPay: from n/a through 2.7.13.

Action-Not Available
Vendor-ThemesGrove
Product-WP SmartPay
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CVE-2025-24456
Matching Score-4
Assigner-JetBrains s.r.o.
ShareView Details
Matching Score-4
Assigner-JetBrains s.r.o.
CVSS Score-6.7||MEDIUM
EPSS-0.00% / 0.03%
||
7 Day CHG~0.00%
Published-21 Jan, 2025 | 17:23
Updated-30 Jan, 2025 | 21:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains Hub before 2024.3.55417 privilege escalation was possible via LDAP authentication mapping

Action-Not Available
Vendor-JetBrains s.r.o.
Product-hubHub
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2018-10841
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.6||MEDIUM
EPSS-0.31% / 53.75%
||
7 Day CHG~0.00%
Published-20 Jun, 2018 | 18:00
Updated-05 Aug, 2024 | 07:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

glusterfs is vulnerable to privilege escalation on gluster server nodes. An authenticated gluster client via TLS could use gluster cli with --remote-host command to add it self to trusted storage pool and perform privileged gluster operations like adding other machines to trusted storage pool, start, stop, and delete volumes.

Action-Not Available
Vendor-glusterDebian GNU/LinuxRed Hat, Inc.
Product-debian_linuxglusterfsglusterfs
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CVE-2025-24000
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.07% / 22.93%
||
7 Day CHG~0.00%
Published-07 Aug, 2025 | 16:58
Updated-07 Aug, 2025 | 21:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Post SMTP plugin <= 3.2.0 - Account Takeover Vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in WPExperts Post SMTP allows Authentication Bypass.This issue affects Post SMTP: from n/a through 3.2.0.

Action-Not Available
Vendor-WPExperts
Product-Post SMTP
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CVE-2025-22277
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.12% / 30.96%
||
7 Day CHG~0.00%
Published-01 Apr, 2025 | 05:32
Updated-01 Apr, 2025 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Vitepos plugin <= 3.1.4 - Broken Authentication vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in appsbd Vitepos allows Authentication Abuse. This issue affects Vitepos: from n/a through 3.1.4.

Action-Not Available
Vendor-appsbd
Product-Vitepos
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CVE-2025-1313
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-0.05% / 15.09%
||
7 Day CHG~0.00%
Published-12 Jul, 2025 | 05:30
Updated-15 Jul, 2025 | 13:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Nokri - Job Board WordPress Theme <= 1.6.3 - Authenticated (Subscriber+) Privilege Escalation via Account Takeover

The Nokri - Job Board WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.6.3. This is due to the plugin not properly validating a user's identity prior to updating their details like email address. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change arbitrary user's email addresses, including administrators, and leverage that to reset the user's password and gain access to their account.

Action-Not Available
Vendor-ScriptsBundle
Product-Nokri – Job Board WordPress Theme
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CVE-2024-9890
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-29.14% / 96.41%
||
7 Day CHG~0.00%
Published-26 Oct, 2024 | 01:58
Updated-28 Oct, 2024 | 19:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
User Toolkit <= 1.2.3 - Authenticated (Subscriber+) Authentication Bypass

The User Toolkit plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.2.3. This is due to an improper capability check in the 'switchUser' function. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to log in as any existing user on the site, such as an administrator.

Action-Not Available
Vendor-deryckderyck_onate
Product-User Toolkituser_toolkit
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CVE-2024-9522
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-0.41% / 60.24%
||
7 Day CHG~0.00%
Published-10 Oct, 2024 | 02:06
Updated-15 Oct, 2024 | 14:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP Users Masquerade <= 2.0.0 - Authentication Bypass

The WP Users Masquerade plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.0.0. This is due to incorrect authentication and capability checking in the 'ajax_masq_login' function. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to log in as any existing user on the site, such as an administrator.

Action-Not Available
Vendor-lagunaiswlagunaiswlagunaisw
Product-wp_users_masqueradeWP Users Masqueradewp_users_masquerade
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2024-49675
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.35% / 56.67%
||
7 Day CHG~0.00%
Published-23 Oct, 2024 | 15:11
Updated-06 Nov, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress iBryl Switch User plugin <= 1.0.1 - Account Takeover vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in Vitalii Bryl iBryl Switch User allows Authentication Bypass.This issue affects iBryl Switch User: from n/a through 1.0.1.

Action-Not Available
Vendor-vitaliibrylVitalii Bryl
Product-switch_useriBryl Switch User
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CVE-2024-9658
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-0.07% / 20.99%
||
7 Day CHG~0.00%
Published-07 Mar, 2025 | 08:21
Updated-13 Mar, 2025 | 14:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
School Management System for Wordpress <= 93.0.0 - Authenticated (Student+) Account Takeover and Privilege Escalation

The School Management System for Wordpress plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 93.0.0. This is due to the plugin not properly validating a user's identity prior to updating their details like email and password through the mj_smgt_update_user() and mj_smgt_add_admission() functions, along with a local file inclusion vulnerability. This makes it possible for authenticated attackers, with student-level access and above, to change arbitrary user's email addresses and passwords, including administrators, and leverage that to gain access to their account. This was escalated four months ago after no response to our initial outreach, yet it still vulnerable.

Action-Not Available
Vendor-dasinfomediadasinfomedia
Product-school_management_systemSchool Management System for Wordpress
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2024-56013
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.26% / 48.84%
||
7 Day CHG+0.04%
Published-16 Dec, 2024 | 14:31
Updated-16 Dec, 2024 | 16:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Wovax IDX plugin <= 1.2.2 - Account Takeover vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in Wovax, LLC. Wovax IDX allows Authentication Bypass.This issue affects Wovax IDX: from n/a through 1.2.2.

Action-Not Available
Vendor-Wovax, LLC.
Product-Wovax IDX
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CVE-2024-54336
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.26% / 48.84%
||
7 Day CHG~0.00%
Published-13 Dec, 2024 | 14:25
Updated-13 Dec, 2024 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Projectopia plugin <= 5.1.7 - Account Takeover vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in Projectopia Projectopia allows Authentication Bypass.This issue affects Projectopia: from n/a through 5.1.7.

Action-Not Available
Vendor-Projectopia
Product-Projectopia
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CVE-2024-50488
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-26.12% / 96.08%
||
7 Day CHG~0.00%
Published-28 Oct, 2024 | 12:28
Updated-31 Oct, 2024 | 13:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Token Login plugin <= 1.0.3 - Broken Authentication vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in Priyabrata Sarkar Token Login allows Authentication Bypass.This issue affects Token Login: from n/a through 1.0.3.

Action-Not Available
Vendor-priyabratasarkarPriyabrata Sarkarpriyabrata_sarkar
Product-token_loginToken Logintoken_login
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2023-31152
Matching Score-4
Assigner-Schweitzer Engineering Laboratories, Inc.
ShareView Details
Matching Score-4
Assigner-Schweitzer Engineering Laboratories, Inc.
CVSS Score-4||MEDIUM
EPSS-0.03% / 6.44%
||
7 Day CHG~0.00%
Published-10 May, 2023 | 19:21
Updated-24 Jan, 2025 | 19:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authentication Bypass Using an Alternate Path or Channel

An Authentication Bypass Using an Alternate Path or Channel vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface allows Authentication Bypass. See SEL Service Bulletin dated 2022-11-15 for more details.

Action-Not Available
Vendor-Schweitzer Engineering Laboratories, Inc. (SEL)
Product-sel-3505_firmwaresel-3505-3_firmwaresel-3560e_firmwaresel-2241_rtac_modulesel-3530_firmwaresel-2241_rtac_module_firmwaresel-3555sel-3560s_firmwaresel-3555_firmwaresel-3505-3sel-3532_firmwaresel-3560esel-3505sel-3350sel-3530-4sel-3530-4_firmwaresel-3560ssel-3350_firmwaresel-3532sel-3530SEL-3560ESEL-3350SEL-3505SEL-3532SEL-3505-3SEL-2241 RTAC moduleSEL-3530SEL-3555SEL-3560SSEL-3530-4
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CWE ID-CWE-287
Improper Authentication
CVE-2022-2031
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-8.8||HIGH
EPSS-0.27% / 49.91%
||
7 Day CHG~0.00%
Published-25 Aug, 2022 | 00:00
Updated-03 Aug, 2024 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in Samba. The security vulnerability occurs when KDC and the kpasswd service share a single account and set of keys, allowing them to decrypt each other's tickets. A user who has been requested to change their password, can exploit this flaw to obtain and use tickets to other services.

Action-Not Available
Vendor-n/aSamba
Product-sambasamba
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CWE ID-CWE-287
Improper Authentication
CVE-2019-5486
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-8.8||HIGH
EPSS-0.04% / 10.86%
||
7 Day CHG~0.00%
Published-18 Dec, 2019 | 20:58
Updated-04 Aug, 2024 | 19:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A authentication bypass vulnerability exists in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.10 in the Salesforce login integration that could be used by an attacker to create an account that bypassed domain restrictions and email verification requirements.

Action-Not Available
Vendor-n/aGitLab Inc.
Product-gitlabGitLab CE/EE
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CWE ID-CWE-287
Improper Authentication
Details not found