CWE-284 — Improper Access Control
4,239 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-284 (page 58 of 85)
- CVE-2025-24205 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-03-31
An authorization issue was addressed with improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to access user-sensitive…
- CVE-2025-24214 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-03-31
A privacy issue was addressed by not logging contents of text fields. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, tvOS 18.4, visionOS 2.4, watchOS 11.4. An app may be able to access sensitive user data.
- CVE-2025-24215 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-03-31
The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. A malicious app may be able to access private information.
- CVE-2025-24218 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-03-31
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.4. An app may be able to access information about a user's contacts.
- CVE-2025-24229 | HIGH | CVSS 7.4 | EG 7.4 | 2025-03-31
A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. A sandboxed app may be able to access sensitive user data.
- CVE-2025-24236 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-03-31
An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access sensitive user data.
- CVE-2025-24241 | CRITICAL | CVSS 9.8 | EG 9.8 | 2025-03-31
A configuration issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to trick a user into copying sensitive data to the pasteboard.
- CVE-2025-24248 | MEDIUM | CVSS 5.0 | EG 5.0 | 2025-03-31
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4. An app may be able to enumerate devices that have signed into the user's Apple Account.
- CVE-2025-24272 | MEDIUM | CVSS 6.8 | EG 6.8 | 2025-03-31
The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to modify protected parts of the file system.
- CVE-2025-24313 | MEDIUM | CVSS 4.4 | EG 4.4 | 2025-08-12
Improper access control for some Device Plugins for Kubernetes software maintained by Intel before version 0.32.0 may allow a privileged user to potentially enable denial of service via local access.
- CVE-2025-24314 | LOW | CVSS 2.2 | EG 2.2 | 2025-11-11
Improper access control for some Intel(R) CIP software before version WIN_DCA_2.4.0.11001 within Ring 3: User Applications may allow an information disclosure. Unprivileged software adversary with a privileged user combined with a high com…
- CVE-2025-24323 | MEDIUM | CVSS 6.5 | EG 6.5 | 2025-08-12
Improper access control in some firmware package and LED mode toggle tool for some Intel(R) PCIe Switch software before version MR4_1.0b1 may allow a privileged user to potentially enable escalation of privilege via local access.
- CVE-2025-24365 | HIGH | CVSS 8.1 | EG 8.1 | 2025-01-27
vaultwarden is an unofficial Bitwarden-compatible server written in Rust, formerly known as bitwarden_rs. An attacker can obtain owner rights over another organization. The attacker must know the ID of the victim organization (in real case the user can b…
- CVE-2025-24411 | HIGH | CVSS 8.1 | EG 8.1 | 2025-02-11
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage thi…
- CVE-2025-24422 | MEDIUM | CVSS 6.5 | EG 6.5 | 2025-02-11
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage thi…
- CVE-2025-24423 | MEDIUM | CVSS 4.3 | EG 4.3 | 2025-02-11
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in Privilege escalation. A low-privileged attacker could leverage this vul…
- CVE-2025-24424 | MEDIUM | CVSS 6.5 | EG 6.5 | 2025-02-11
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage thi…
- CVE-2025-24426 | MEDIUM | CVSS 6.5 | EG 6.5 | 2025-02-11
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage thi…
- CVE-2025-24427 | MEDIUM | CVSS 6.5 | EG 6.5 | 2025-02-11
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage thi…
- CVE-2025-24429 | LOW | CVSS 3.5 | EG 3.5 | 2025-02-11
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass allowing read only access. A low-privileged a…
- CVE-2025-24435 | MEDIUM | CVSS 4.3 | EG 4.3 | 2025-02-11
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in Privilege escalation. A low-privileged attacker could leverage this vul…
- CVE-2025-24516 | MEDIUM | CVSS 4.5 | EG 4.5 | 2025-11-11
Improper access control for some Intel(R) CIP software before version WIN_DCA_2.4.0.11001 within Ring 3: User Applications may allow an information disclosure. Unprivileged software adversary with a privileged user combined with a low comp…
- CVE-2025-24532 | MEDIUM | CVSS 4.3 | EG 4.3 | 2025-02-11
A vulnerability has been identified in SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0) (All versions < V3.0.0), SCALANCE WAM763-1 (6GK5763-1AL00-7DA0) (All versions < V3.0.0), SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0) (All versions < V3.0.0), SCA…
- CVE-2025-24840 | MEDIUM | CVSS 5.8 | EG 5.8 | 2025-08-12
Improper access control for some Edge Orchestrator software before version 24.11.1 for Intel(R) Tiber(TM) Edge Platform may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.
- CVE-2025-24857 | HIGH | CVSS 7.6 | EG 7.6 | 2025-12-10
Improper access control for volatile memory containing boot code in Universal Boot Loader (U-Boot) before 2017.11 and Qualcomm chips IPQ4019, IPQ5018, IPQ5322, IPQ6018, IPQ8064, IPQ8074, and IPQ9574 could allow an attacker to execute arbit…
- CVE-2025-24885 | HIGH | CVSS 7.6 | EG 7.6 | 2025-01-30
pwn.college is an education platform to learn about, and practice, core cybersecurity concepts in a hands-on fashion. Missing access control on rendering custom (unprivileged) dojo pages allows users to create stored XSS.
- CVE-2025-24887 | MEDIUM | CVSS 6.3 | EG 6.3 | 2025-04-30
OpenCTI is an open-source cyber threat intelligence platform. In versions starting from 6.4.8 to before 6.4.10, the allow/deny lists can be bypassed, allowing a user to change attributes that are intended to be unmodifiable by the user. It…
- CVE-2025-24916 | HIGH | CVSS 7.0 | EG 7.0 | 2025-05-23
When installing Tenable Network Monitor to a non-default location on a Windows host, Tenable Network Monitor versions prior to 6.5.1 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if…
- CVE-2025-24917 | HIGH | CVSS 7.8 | EG 7.8 | 2025-05-23
In Tenable Network Monitor versions prior to 6.5.1 on a Windows host, it was found that a non-administrative user could stage files in a local directory to run arbitrary code with SYSTEM privileges, potentially leading to local privilege e…
- CVE-2025-24968 | HIGH | CVSS 8.8 | EG 8.8 | 2025-02-04
reNgine is an automated reconnaissance framework for web applications. An unrestricted project deletion vulnerability allows attackers with specific roles, such as `penetration_tester` or `auditor` to delete all projects in the system. Thi…
- CVE-2025-24989 | HIGH | CVSS 8.2 | EG 9.0 | ⚠ KEV | 2025-02-19
An improper access control vulnerability in Power Pages allows an unauthorized attacker to elevate privileges over a network potentially bypassing the user registration control. This vulnerability has already been mitigated in the service …
- CVE-2025-2499 | MEDIUM | CVSS 5.4 | EG 5.4 | 2025-03-26
Client side access control bypass in the permission component in Devolutions Remote Desktop Manager on Windows. An authenticated user can exploit this flaw to bypass certain permission restrictions—specifically View Password, Edit Asset…
- CVE-2025-24994 | HIGH | CVSS 7.3 | EG 7.3 | 2025-03-11
Improper access control in Windows Cross Device Service allows an authorized attacker to elevate privileges locally.
- CVE-2025-24999 | HIGH | CVSS 8.8 | EG 8.8 | 2025-08-12
Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network.
- CVE-2025-25004 | HIGH | CVSS 7.3 | EG 7.3 | 2025-10-14
Improper access control in Microsoft PowerShell allows an authorized attacker to elevate privileges locally.
- CVE-2025-25225 | MEDIUM | CVSS 6.5 | EG 6.5 | 2025-03-15
A privilege escalation vulnerability in the Hikashop component versions 1.0.0-5.1.3 for Joomla allows authenticated attackers (administrator) to escalate their privileges to Super Admin Permissions.
- CVE-2025-25381 | HIGH | CVSS 7.5 | EG 7.5 | 2025-03-06
Incorrect access control in the KSRTC AWATAR app of Karnataka State Road Transport Corporation v1.3.0 allows attackers to view sensitive information such as usernames and passwords.
- CVE-2025-2546 | MEDIUM | CVSS 4.3 | EG 4.3 | 2025-03-20
A vulnerability classified as problematic was found in D-Link DIR-618 and DIR-605L 2.02/3.02. This vulnerability affects unknown code of the file /goform/formAdvFirewall of the component Firewall Service. The manipulation leads to improper…
- CVE-2025-2547 | MEDIUM | CVSS 4.3 | EG 4.3 | 2025-03-20
A vulnerability, which was classified as problematic, has been found in D-Link DIR-618 and DIR-605L 2.02/3.02. This issue affects some unknown processing of the file /goform/formAdvNetwork. The manipulation leads to improper access control…
- CVE-2025-2548 | MEDIUM | CVSS 4.3 | EG 4.3 | 2025-03-20
A vulnerability, which was classified as problematic, was found in D-Link DIR-618 and DIR-605L 2.02/3.02. Affected is an unknown function of the file /goform/formSetDomainFilter. The manipulation leads to improper access controls. The atta…
- CVE-2025-2549 | MEDIUM | CVSS 4.3 | EG 4.3 | 2025-03-20
A vulnerability has been found in D-Link DIR-618 and DIR-605L 2.02/3.02 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /goform/formSetPassword. The manipulation leads to improper acces…
- CVE-2025-2550 | MEDIUM | CVSS 4.3 | EG 4.3 | 2025-03-20
A vulnerability was found in D-Link DIR-618 and DIR-605L 2.02/3.02 and classified as problematic. Affected by this issue is some unknown functionality of the file /goform/formSetDDNS of the component DDNS Service. The manipulation leads to…
- CVE-2025-25500 | HIGH | CVSS 7.5 | EG 7.5 | 2025-03-18
An issue in CosmWasm prior to v2.2.0 allows attackers to bypass capability restrictions in blockchains by exploiting a lack of runtime capability validation. This allows attackers to deploy a contract without capability enforcement, and ex…
- CVE-2025-2551 | MEDIUM | CVSS 4.3 | EG 4.3 | 2025-03-20
A vulnerability was found in D-Link DIR-618 and DIR-605L 2.02/3.02. It has been classified as problematic. This affects an unknown part of the file /goform/formSetPortTr. The manipulation leads to improper access controls. Access to the lo…
- CVE-2025-2552 | MEDIUM | CVSS 4.3 | EG 4.3 | 2025-03-20
A vulnerability was found in D-Link DIR-618 and DIR-605L 2.02/3.02. It has been declared as problematic. This vulnerability affects unknown code of the file /goform/formTcpipSetup. The manipulation leads to improper access controls. Access…
- CVE-2025-2553 | MEDIUM | CVSS 4.3 | EG 4.3 | 2025-03-20
A vulnerability was found in D-Link DIR-618 and DIR-605L 2.02/3.02. It has been rated as problematic. This issue affects some unknown processing of the file /goform/formVirtualServ. The manipulation leads to improper access controls. The a…
- CVE-2025-2557 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-03-20
A vulnerability, which was classified as critical, has been found in Audi UTR Dashcam 2.0. Affected by this issue is some unknown functionality of the component Command API. The manipulation leads to improper access controls. The attack ne…
- CVE-2025-25585 | HIGH | CVSS 7.3 | EG 7.3 | 2025-03-18
Incorrect access control in the component /config/WebSecurityConfig.java of yimioa before v2024.07.04 allows unauthorized attackers to arbitrarily modify Administrator passwords.
- CVE-2025-25598 | HIGH | CVSS 8.8 | EG 8.8 | 2025-03-13
Incorrect access control in the scheduled tasks console of Inova Logic CUSTOMER MONITOR (CM) v3.1.757.1 allows attackers to escalate privileges via placing a crafted executable into a scheduled task.
- CVE-2025-25614 | HIGH | CVSS 8.8 | EG 8.8 | 2025-03-10
Incorrect Access Control in Unifiedtransform 2.0 leads to Privilege Escalation, which allows teachers to update the personal data of fellow teachers.