Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

HYPR Corp

#0dc7baee-4a9f-419f-bd0a-e21ec5dac512
PolicyEmail

Short Name

HYPR

Program Role

CNA

Top Level Root

MITRE Corporation

Security Advisories

View Advisories

Domain

hypr.com

Country

USA

Scope

All HYPR products only.
Reported CVEsVendorsProductsReports
17Vulnerabilities found
CVE-2025-2102
Assigner-HYPR Corp
ShareView Details
Assigner-HYPR Corp
CVSS Score-5.7||MEDIUM
EPSS-0.03% / 7.22%
||
7 Day CHG~0.00%
Published-21 May, 2025 | 17:19
Updated-21 May, 2025 | 20:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper Link Resolution Before File Access ('Link Following') vulnerability in HYPR Passwordless on Windows allows Privilege Escalation.This issue affects HYPR Passwordless: before 10.1.

Action-Not Available
Vendor-HYPR
Product-Passwordless
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2025-0372
Assigner-HYPR Corp
ShareView Details
Assigner-HYPR Corp
CVSS Score-5.9||MEDIUM
EPSS-0.02% / 2.65%
||
7 Day CHG~0.00%
Published-21 May, 2025 | 17:12
Updated-21 May, 2025 | 20:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in HYPR Passwordless on Windows allows Privilege Escalation.This issue affects HYPR Passwordless: before 10.1.

Action-Not Available
Vendor-HYPR
Product-Passwordless
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2024-1721
Assigner-HYPR Corp
ShareView Details
Assigner-HYPR Corp
CVSS Score-5.6||MEDIUM
EPSS-0.04% / 9.53%
||
7 Day CHG~0.00%
Published-21 May, 2024 | 15:41
Updated-01 Aug, 2024 | 18:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper Verification of Cryptographic Signature vulnerability in HYPR Passwordless on Windows allows Malicious Software Update.This issue affects HYPR Passwordless: before 9.1.

Action-Not Available
Vendor-HYPRhypr
Product-Passwordlesspasswordless
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2024-0068
Assigner-HYPR Corp
ShareView Details
Assigner-HYPR Corp
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 19.89%
||
7 Day CHG~0.00%
Published-29 Feb, 2024 | 19:51
Updated-04 Mar, 2025 | 12:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper Link Resolution Before File Access ('Link Following') vulnerability in HYPR Workforce Access on MacOS allows File Manipulation.This issue affects Workforce Access: before 8.7.1.

Action-Not Available
Vendor-hyprHYPRApple Inc.
Product-macosworkforce_accessWorkforce Access
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2023-6336
Assigner-HYPR Corp
ShareView Details
Assigner-HYPR Corp
CVSS Score-7.2||HIGH
EPSS-0.05% / 14.71%
||
7 Day CHG~0.00%
Published-16 Jan, 2024 | 19:42
Updated-02 Jun, 2025 | 15:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper Link Resolution Before File Access ('Link Following') vulnerability in HYPR Workforce Access on MacOS allows User-Controlled Filename.This issue affects Workforce Access: before 8.7.

Action-Not Available
Vendor-hyprHYPRApple Inc.
Product-workforce_accessmacosWorkforce Access
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2023-6335
Assigner-HYPR Corp
ShareView Details
Assigner-HYPR Corp
CVSS Score-6.4||MEDIUM
EPSS-0.08% / 23.77%
||
7 Day CHG~0.00%
Published-16 Jan, 2024 | 19:42
Updated-02 Jun, 2025 | 15:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper Link Resolution Before File Access ('Link Following') vulnerability in HYPR Workforce Access on Windows allows User-Controlled Filename.This issue affects Workforce Access: before 8.7.

Action-Not Available
Vendor-hyprHYPRMicrosoft Corporation
Product-windowsworkforce_accessWorkforce Access
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2023-6334
Assigner-HYPR Corp
ShareView Details
Assigner-HYPR Corp
CVSS Score-5.3||MEDIUM
EPSS-0.05% / 16.28%
||
7 Day CHG~0.00%
Published-16 Jan, 2024 | 19:41
Updated-17 Jun, 2025 | 21:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in HYPR Workforce Access on Windows allows Overflow Buffers.This issue affects Workforce Access: before 8.7.

Action-Not Available
Vendor-hyprHYPRMicrosoft Corporation
Product-windowsworkforce_accessWorkforce Access
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2023-5097
Assigner-HYPR Corp
ShareView Details
Assigner-HYPR Corp
CVSS Score-7||HIGH
EPSS-0.09% / 26.59%
||
7 Day CHG~0.00%
Published-16 Jan, 2024 | 19:40
Updated-17 Jun, 2025 | 21:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper Input Validation vulnerability in HYPR Workforce Access on Windows allows Path Traversal.This issue affects Workforce Access: before 8.7.

Action-Not Available
Vendor-hyprHYPRMicrosoft Corporation
Product-windowsworkforce_accessWorkforce Access
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-20
Improper Input Validation
CVE-2023-1837
Assigner-HYPR Corp
ShareView Details
Assigner-HYPR Corp
CVSS Score-8.5||HIGH
EPSS-0.05% / 14.11%
||
7 Day CHG~0.00%
Published-23 May, 2023 | 18:23
Updated-17 Jan, 2025 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Missing Authentication for critical function vulnerability in HYPR Server allows Authentication Bypass when using Legacy APIs.This issue affects HYPR Server: before 8.0 (with enabled Legacy APIs)

Action-Not Available
Vendor-hyprHYPR
Product-hypr_serverHYPR Server
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2023-1477
Assigner-HYPR Corp
ShareView Details
Assigner-HYPR Corp
CVSS Score-7.2||HIGH
EPSS-0.14% / 34.48%
||
7 Day CHG~0.00%
Published-28 Apr, 2023 | 14:56
Updated-05 Mar, 2025 | 19:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper Authentication vulnerability in HYPR Keycloak Authenticator Extension allows Authentication Abuse.This issue affects HYPR Keycloak Authenticator Extension: before 7.10.2, before 8.0.3.

Action-Not Available
Vendor-hyprHYPR
Product-keycloak_authenticatorKeycloak Authenticator Extension
CWE ID-CWE-287
Improper Authentication
CVE-2023-0834
Assigner-HYPR Corp
ShareView Details
Assigner-HYPR Corp
CVSS Score-7||HIGH
EPSS-0.10% / 28.20%
||
7 Day CHG~0.00%
Published-28 Apr, 2023 | 14:54
Updated-30 Jan, 2025 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect Permission Assignment for Critical Resource vulnerability in HYPR Workforce Access on MacOS allows Privilege Escalation.This issue affects Workforce Access: from 6.12 before 8.1.

Action-Not Available
Vendor-hyprHYPRApple Inc.
Product-workforce_accessmacosWorkforce Access
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2022-3258
Assigner-HYPR Corp
ShareView Details
Assigner-HYPR Corp
CVSS Score-3.7||LOW
EPSS-0.08% / 24.49%
||
7 Day CHG~0.00%
Published-03 Nov, 2022 | 18:04
Updated-01 May, 2025 | 18:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect Permission Assignment for Critical Resource vulnerability in HYPR Workforce Access on Windows allows Authentication Abuse.

Action-Not Available
Vendor-hyprHYPR
Product-workforce_accessWorkforce Access
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2022-2193
Assigner-HYPR Corp
ShareView Details
Assigner-HYPR Corp
CVSS Score-7.5||HIGH
EPSS-0.55% / 66.89%
||
7 Day CHG~0.00%
Published-19 Jul, 2022 | 14:07
Updated-03 Aug, 2024 | 00:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insecure Direct Object Reference vulnerability in HYPR Server before version 6.14.1 allows remote authenticated attackers to add a FIDO2 authenticator to arbitrary accounts via parameter tampering in the Device Manager page. This issue affects: HYPR Server versions prior to 6.14.1.

Action-Not Available
Vendor-hyprHYPR
Product-hypr_serverHYPR Server
CWE ID-CWE-280
Improper Handling of Insufficient Permissions or Privileges
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2022-1984
Assigner-HYPR Corp
ShareView Details
Assigner-HYPR Corp
CVSS Score-4.5||MEDIUM
EPSS-0.14% / 35.37%
||
7 Day CHG~0.00%
Published-19 Jul, 2022 | 14:07
Updated-03 Aug, 2024 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue affects: HYPR Windows WFA versions prior to 7.2; Unsafe Deserialization vulnerability in HYPR Workforce Access (WFA) before version 7.2 may allow local authenticated attackers to elevate privileges via a malicious serialized payload.

Action-Not Available
Vendor-hyprHYPR
Product-workforce_accessHYPR Windows WFA
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2022-2192
Assigner-HYPR Corp
ShareView Details
Assigner-HYPR Corp
CVSS Score-7.5||HIGH
EPSS-0.68% / 70.59%
||
7 Day CHG~0.00%
Published-19 Jul, 2022 | 14:07
Updated-03 Aug, 2024 | 00:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Forced Browsing vulnerability in HYPR Server version 6.10 to 6.15.1 allows remote attackers with a valid one-time recovery token to elevate privileges via path tampering in the Magic Link page. This issue affects: HYPR Server versions later than 6.10; version 6.15.1 and prior versions.

Action-Not Available
Vendor-hyprHYPR
Product-hypr_serverHYPR Server
CWE ID-CWE-425
Direct Request ('Forced Browsing')
CVE-2024-0070
Assigner-HYPR Corp
ShareView Details
Assigner-HYPR Corp
CVSS Score-Not Assigned
EPSS-Not Assigned
Published-Not Available
Updated-28 Nov, 2023 | 00:15
Rejected-27 Nov, 2023 | 23:53
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This CVE ID was unused by the CNA.

Action-Not Available
Vendor-
Product-
CVE-2024-0069
Assigner-HYPR Corp
ShareView Details
Assigner-HYPR Corp
CVSS Score-Not Assigned
EPSS-Not Assigned
Published-Not Available
Updated-28 Nov, 2023 | 00:15
Rejected-27 Nov, 2023 | 23:53
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This CVE ID was unused by the CNA.

Action-Not Available
Vendor-
Product-