CWE-394

Unexpected Status Code or Return Value

4 CVEs Avg CVSS 7.5 MITRE
0
CRITICAL
3
HIGH
1
MEDIUM
0
LOW
0
POC
0
KEV

Monthly

CVE-2026-25085 HIGH This Week

Copeland XWEB Pro firmware versions 1.12.1 and earlier suffer from an authentication bypass vulnerability where malformed authentication responses are incorrectly validated as legitimate, allowing unauthenticated remote attackers to gain unauthorized access. The flaw affects multiple XWEB Pro models (500d, 300d, and 500b) with a CVSS score of 8.6 indicating high severity, though no patch is currently available. An attacker exploiting this vulnerability could bypass security controls and potentially access sensitive device functionality without valid credentials.

Authentication Bypass Xweb 500d Pro Firmware Xweb 300d Pro Firmware Xweb 500b Pro Firmware
NVD GitHub
CVSS 3.1
8.6
EPSS
0.1%
CVE-2025-48510 HIGH This Week

Improper return value within AMD uProf can allow a local attacker to bypass KSLR, potentially resulting in loss of confidentiality or availability. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Amd Uprof
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-22854 MEDIUM This Month

CVE-2025-22854 is a security vulnerability (CVSS 6.9). Remediation should follow standard vulnerability management procedures.

Information Disclosure Google
NVD
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-23013 HIGH PATCH This Month

In Yubico pam-u2f before 1.3.1, local privilege escalation can sometimes occur. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Apple macOS Suse
NVD
CVSS 4.0
7.3
EPSS
0.0%
CVE-2026-25085
EPSS 0% CVSS 8.6
HIGH This Week

Copeland XWEB Pro firmware versions 1.12.1 and earlier suffer from an authentication bypass vulnerability where malformed authentication responses are incorrectly validated as legitimate, allowing unauthenticated remote attackers to gain unauthorized access. The flaw affects multiple XWEB Pro models (500d, 300d, and 500b) with a CVSS score of 8.6 indicating high severity, though no patch is currently available. An attacker exploiting this vulnerability could bypass security controls and potentially access sensitive device functionality without valid credentials.

Authentication Bypass Xweb 500d Pro Firmware Xweb 300d Pro Firmware +1
NVD GitHub
CVE-2025-48510
EPSS 0% CVSS 7.1
HIGH This Week

Improper return value within AMD uProf can allow a local attacker to bypass KSLR, potentially resulting in loss of confidentiality or availability. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Amd Uprof
NVD
CVE-2025-22854
EPSS 0% CVSS 6.9
MEDIUM This Month

CVE-2025-22854 is a security vulnerability (CVSS 6.9). Remediation should follow standard vulnerability management procedures.

Information Disclosure Google
NVD
CVE-2025-23013
EPSS 0% CVSS 7.3
HIGH PATCH This Month

In Yubico pam-u2f before 1.3.1, local privilege escalation can sometimes occur. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Apple +2
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy