Authentication Bypass

auth CRITICAL

Authentication bypass attacks exploit flaws in the verification mechanisms that control access to systems and applications.

How It Works

Instead of cracking passwords through brute force, attackers manipulate the authentication process itself to gain unauthorized entry. This typically occurs through one of several pathways: exploiting hardcoded credentials embedded in source code or configuration files, manipulating parameters in authentication requests to skip verification steps, or leveraging broken session management that fails to properly validate user identity.

The attack flow often begins with reconnaissance to identify authentication endpoints and their underlying logic. Attackers may probe for default administrative credentials that were never changed, test whether certain URL paths bypass login requirements entirely, or intercept and modify authentication tokens to escalate privileges. In multi-step authentication processes, flaws in state management can allow attackers to complete only partial verification steps while still gaining full access.

More sophisticated variants exploit single sign-on (SSO) or OAuth implementations where misconfigurations in trust relationships allow attackers to forge authentication assertions. Parameter tampering—such as changing a "role=user" field to "role=admin" in a request—can trick poorly designed systems into granting elevated access without proper verification.

Impact

  • Complete account takeover — attackers gain full control of user accounts, including administrative accounts, without knowing legitimate credentials
  • Unauthorized data access — ability to view, modify, or exfiltrate sensitive information including customer data, financial records, and intellectual property
  • System-wide compromise — admin-level access enables installation of backdoors, modification of security controls, and complete infrastructure takeover
  • Lateral movement — bypassed authentication provides a foothold for moving deeper into networks and accessing additional systems
  • Compliance violations — unauthorized access triggers breach notification requirements and regulatory penalties

Real-World Examples

CrushFTP suffered a critical authentication bypass allowing attackers to access file-sharing functionality without any credentials. The vulnerability enabled direct server-side template injection, leading to remote code execution on affected systems. Attackers actively exploited this in the wild to establish persistent access to enterprise file servers.

Palo Alto's Expedition migration tool contained a flaw permitting attackers to reset administrative credentials without authentication. This allowed complete takeover of the migration environment, potentially exposing network configurations and security policies being transferred between systems.

SolarWinds Web Help Desk (CVE-2024-28987) shipped with hardcoded internal credentials that could not be changed through normal administrative functions. Attackers discovering these credentials gained full administrative access to helpdesk systems containing sensitive organizational information and user data.

Mitigation

  • Implement multi-factor authentication (MFA) — requires attackers to compromise additional verification factors beyond bypassed primary authentication
  • Eliminate hardcoded credentials — use secure credential management systems and rotate all default credentials during deployment
  • Enforce authentication on all endpoints — verify that every request requires valid authentication; no "hidden" administrative paths should exist
  • Implement proper session management — use cryptographically secure session tokens, validate them on the server side, enforce timeout policies
  • Apply principle of least privilege — limit damage by ensuring even authenticated users only access necessary resources
  • Regular security testing — conduct penetration testing specifically targeting authentication logic and flows
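As an added illustration (not code from the original page) of two points made above, the parameter-tampering pathway in "How It Works" and the session-management and MFA items in "Mitigation": a minimal Python session layer that contrasts a handler which honours a client-supplied role with one that derives identity, role and second-factor state from a server-side record protected by an idle timeout. The in-memory store, the user directory, the handler names and the 900-second TTL are all constructed for this example.

```python
"""Constructed example: client-trusted role vs. server-side session state."""
import secrets
import time

SESSION_TTL = 900  # idle timeout in seconds; constructed value for the example

# Server-side session store, token -> record (constructed, in-memory only).
SESSIONS = {}

# Constructed user directory; a real deployment reads roles from its own store.
USERS = {"alice": {"role": "user"}, "root-admin": {"role": "admin"}}


def new_session(username, now=None):
    """Open a session after the password step only; the second factor is still pending."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG, not guessable
    SESSIONS[token] = {
        "user": username,
        "role": USERS[username]["role"],  # role is fixed server-side at login
        "mfa_done": False,                # multi-step state lives here, not in the client
        "created": now,
        "last_seen": now,
    }
    return token


def lookup_session(token, now=None):
    """Return the live record for a token, or None if unknown or idle too long."""
    now = time.time() if now is None else now
    rec = SESSIONS.get(token)
    if rec is None:
        return None
    if now - rec["last_seen"] > SESSION_TTL:
        SESSIONS.pop(token, None)  # expired: discard so it can never be reused
        return None
    rec["last_seen"] = now
    return rec


def complete_mfa(token, now=None):
    """Record that the second factor succeeded; only the server flips this flag."""
    rec = lookup_session(token, now)
    if rec is None:
        return False
    rec["mfa_done"] = True
    return True


def vulnerable_admin_handler(request):
    """Weak form: the role is read from the request, so a tampered 'role=admin' is honoured."""
    if request.get("role") == "admin":
        return 200, "admin panel"
    return 403, "forbidden"


def hardened_admin_handler(request, now=None):
    """Hardened form: ignore any client-supplied role; decide from the server-side record."""
    rec = lookup_session(request.get("session"), now)
    if rec is None:
        return 401, "unauthenticated"          # unknown, missing or expired token
    if not rec["mfa_done"]:
        return 401, "second factor required"   # partial verification is not enough
    if rec["role"] != "admin":
        return 403, "forbidden"                # authenticated but not authorised
    return 200, "admin panel"


def active_session_count():
    """Number of records still held; lets a caller confirm expiry really evicts."""
    return len(SESSIONS)


if __name__ == "__main__":
    t = new_session("alice")
    print(vulnerable_admin_handler({"role": "admin"}))              # tampering succeeds
    print(hardened_admin_handler({"session": t, "role": "admin"}))  # second factor required
```

The hardened handler never reads `role` from the request at all; the only client-controlled input it consumes is the opaque session token, and everything that matters (who, which role, whether the second step finished, whether the session is still fresh) comes from the server's own record.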

Recent CVEs (7723)

EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x <= 10.6.5 fail to properly enforce channel member management permissions when adding participants to playbook runs. This allows authenticated users with member-level permissions to bypass system admin restrictions and add or remove users to/from private channels via the playbook run participants feature, even when the 'Manage Members' permission has been explicitly removed. This can lead to unauthorized access to sensitive channel content and allow guest users to gain channel management privileges.

Authentication Bypass Debian Mattermost Server +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

The endpoint hosts a script that allows an unauthorized remote attacker to put the system in a fail-safe state over the network due to missing authentication.

Authentication Bypass
NVD
EPSS 0% CVSS 6.3
MEDIUM POC This Month

A vulnerability has been found in code-projects Library System 1.0 and classified as critical. This vulnerability affects unknown code of the file /add-book.php. The manipulation of the argument image leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

File Upload PHP Authentication Bypass +1
NVD GitHub VulDB
EPSS 0% CVSS 4.7
MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in SourceCodester Simple Company Website 1.0. This issue affects some unknown processing of the file /classes/Users.php?f=save. The manipulation of the argument img leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

File Upload PHP Authentication Bypass +1
NVD GitHub VulDB
EPSS 0% CVSS 4.7
MEDIUM POC This Month

A vulnerability classified as critical was found in SourceCodester Simple Company Website 1.0. This vulnerability affects unknown code of the file /classes/SystemSettings.php?f=update_settings. The manipulation of the argument img leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

File Upload PHP Authentication Bypass +1
NVD GitHub VulDB
EPSS 0% CVSS 4.7
MEDIUM POC This Month

A vulnerability was found in SourceCodester Simple Company Website 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /classes/Content.php?f=service. The manipulation of the argument img leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

File Upload PHP Authentication Bypass +1
NVD GitHub VulDB
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

A misconfigured query in UniFi Network (v9.1.120 and earlier) could allow users to authenticate to Enterprise WiFi or VPN Server (l2tp and OpenVPN) using a device’s MAC address from 802.1X or MAC Authentication, if both services are enabled and share the same RADIUS profile.

Authentication Bypass
NVD
EPSS 0% CVSS 6.3
MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in code-projects Simple Forum 1.0. This issue affects some unknown processing of the file /forum1.php. The manipulation of the argument File leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

File Upload PHP Authentication Bypass +1
NVD GitHub VulDB
EPSS 0% CVSS 7.3
HIGH POC This Week

A vulnerability was found in code-projects Simple Photo Gallery 1.0. It has been classified as critical. Affected is an unknown function of the file /upload-photo.php. The manipulation of the argument file_img leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

File Upload PHP Authentication Bypass +1
NVD GitHub VulDB
EPSS 0% CVSS 6.3
MEDIUM POC This Month

A vulnerability classified as critical was found in code-projects Library System 1.0. Affected by this vulnerability is an unknown functionality of the file /profile.php. The manipulation of the argument image leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

File Upload PHP Authentication Bypass +1
NVD GitHub VulDB
EPSS 0% CVSS 9.3
CRITICAL PATCH Act Now

CVE-2025-53391 is a security vulnerability (CVSS 9.3) that allows a local user. Critical severity with potential for significant impact on affected systems.

Debian Authentication Bypass Ubuntu
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

The MIB3 infotainment unit used in Skoda and Volkswagen vehicles does not incorporate any privilege separation for the proprietary inter-process communication mechanism, leaving attackers with presence in the system an ability to undermine access control restrictions implemented at the operating system level. The vulnerability was originally discovered in Skoda Superb III car with MIB3 infotainment unit OEM part number 3V0035820. The list of affected MIB3 OEM part numbers is provided in the referenced resources.

Authentication Bypass
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

There is no memory isolation between CPU cores of the MIB3 infotainment. This fact allows an attacker with access to the main operating system to compromise the CPU core responsible for CAN message processing. The vulnerability was originally discovered in Skoda Superb III car with MIB3 infotainment unit OEM part number 3V0035820. The list of affected MIB3 OEM part numbers is provided in the referenced resources.

Authentication Bypass
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

The PT Project Notebooks plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization in the wpnb_pto_new_users_add() function in versions 1.0.0 through 1.1.3. This makes it possible for unauthenticated attackers to elevate their privileges to that of an administrator.

WordPress Privilege Escalation Authentication Bypass +2
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Dover Fueling Solutions ProGauge MagLink LX Consoles expose an undocumented and unauthenticated target communication framework (TCF) interface on a specific port. Files can be created, deleted, or modified, potentially leading to remote code execution.

RCE Authentication Bypass
NVD
EPSS 0% CVSS 8.1
HIGH POC This Week

CVE-2025-44557 is a security vulnerability (CVSS 8.1) that allows attackers. Risk factors: public PoC available.

Authentication Bypass
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

CVE-2025-6705 is a security vulnerability (CVSS 5.3). Remediation should follow standard vulnerability management procedures.

Authentication Bypass Open Vsx
NVD GitHub
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

authentik is an open-source identity provider. After authorizing access to a RAC endpoint, authentik creates a token which is used for a single connection and is sent to the client in the URL. This token is intended to only be valid for the session of the user who authorized the connection, however this check is missing in versions prior to 2025.6.3 and 2025.4.3. When, for example, using RAC during a screenshare, a malicious user could access the same session by copying the URL from the shown browser. authentik 2025.4.3 and 2025.6.3 fix this issue. As a workaround, it is recommended to decrease the duration a token is valid for (in the RAC Provider settings, set Connection expiry to `minutes=5` for example). The maintainers of authentik also recommend enabling the option Delete authorization on disconnect.

Authentication Bypass Authentik
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM This Month

A Missing Authorization vulnerability in danbriapps Pre-Publish Post Checklist (CVSS 4.3). Remediation should follow standard vulnerability management procedures.

Authentication Bypass
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Missing Authorization vulnerability in WPManiax WP DB Booster allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP DB Booster: from n/a through 1.0.1.

Authentication Bypass
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

CVE-2025-53304 is a security vulnerability (CVSS 5.3) that allows accessing functionality not properly constrained. Remediation should follow standard vulnerability management procedures.

Authentication Bypass
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

A Missing Authorization vulnerability in iCount iCount Payment Gateway (CVSS 5.3) that allows accessing functionality not properly constrained. Remediation should follow standard vulnerability management procedures.

Authentication Bypass
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Missing Authorization vulnerability in Morten Dalgaard Johansen Dashboard Widget Sidebar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Dashboard Widget Sidebar: from n/a through 1.2.3.

Authentication Bypass
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Missing Authorization vulnerability in Adrian Ladó PlatiOnline Payments allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PlatiOnline Payments: from n/a through 6.3.2.

Authentication Bypass
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

A security vulnerability in pankaj (CVSS 6.5). Remediation should follow standard vulnerability management procedures.

Authentication Bypass
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Missing Authorization vulnerability in EdwardBock Cron Logger allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cron Logger: from n/a through 1.3.0.

Authentication Bypass
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Missing Authorization vulnerability in Nabil Lemsieh HurryTimer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects HurryTimer: from n/a through 2.13.1.

Authentication Bypass
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Missing Authorization vulnerability in QuantumCloud ChatBot allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ChatBot: from n/a through 6.7.3.

Authentication Bypass
NVD
EPSS 0% CVSS 2.9
LOW PATCH Monitor

A privilege escalation vulnerability (CVSS 2.9) that allows a bypass of build isolation. Remediation should follow standard vulnerability management procedures.

Authentication Bypass Ubuntu Debian
NVD
EPSS 0% CVSS 6.3
MEDIUM POC This Month

D-Link DIR-823-Pro 1.02 has improper permission control, allowing unauthorized users to turn on and access Telnet services.

Authentication Bypass Dir 823 Pro Firmware D-Link
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

CVE-2025-40910 is a security vulnerability (CVSS 6.5) that allows attackers. Remediation should follow standard vulnerability management procedures.

Authentication Bypass
NVD
EPSS 1% CVSS 8.1
HIGH POC This Week

A vulnerability was found in Comet System T0510, T3510, T3511, T4511, T6640, T7511, T7611, P8510, P8552 and H3531 1.60. Affected by this issue is some unknown functionality of the file /setupA.cfg of the component Web-based Management Interface. Performing manipulation results in missing authentication. The attack may be initiated remotely. A high degree of complexity is needed for the attack. The exploitation is known to be difficult. The exploit has been made public and could be used. There are still doubts about whether this vulnerability truly exists. The vendor explains, that "[d]evices described at CVE are not intended to be exposed into internet and proper security of devices is to end-users."

Authentication Bypass T6640 Firmware T7511 Firmware +8
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH This Week

Missing Authorization vulnerability in MDJM Mobile DJ Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Mobile DJ Manager: from n/a through 1.7.6.

Authentication Bypass
NVD
EPSS 0% CVSS 8.2
HIGH This Week

Missing Authorization vulnerability in Dejan Jasnic Trusty Whistleblowing allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Trusty Whistleblowing: from n/a through 1.5.2.

Authentication Bypass
NVD
EPSS 0% CVSS 8.2
HIGH This Week

Missing Authorization vulnerability in ZealousWeb Abandoned Contact Form 7 allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Abandoned Contact Form 7: from n/a through 2.0.

Authentication Bypass
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Missing Authorization vulnerability in FocuxTheme WPKit For Elementor allows Privilege Escalation. This issue affects WPKit For Elementor: from n/a through 1.1.0.

Privilege Escalation Authentication Bypass
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Authentication Bypass Using an Alternate Path or Channel vulnerability in ThemesGrove WP SmartPay allows Authentication Abuse. This issue affects WP SmartPay: from n/a through 2.7.13.

Authentication Bypass
NVD
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

The Simple Payment plugin for WordPress is vulnerable to Authentication Bypass in versions 1.3.6 to 2.3.8. This is due to the plugin not properly verifying a user's identity prior to logging them in through the create_user() function. This makes it possible for unauthenticated attackers to log in as administrative users.

WordPress Authentication Bypass Simple Payment +1
NVD
EPSS 0% CVSS 2.2
LOW Monitor

Flock Safety LPR (License Plate Reader) devices with firmware through 2.2 have a hardcoded password for a system.

Authentication Bypass
NVD
EPSS 0% CVSS 2.2
LOW PATCH Monitor

Flock Safety Gunshot Detection devices before 1.3 have a hardcoded password for a system.

Authentication Bypass
NVD
EPSS 0% CVSS 2.2
LOW PATCH Monitor

Flock Safety Gunshot Detection devices before 1.3 have a hard-coded password for a connection.

Authentication Bypass
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation G-50 all versions, G-50-W all versions, G-50A all versions, GB-50 all versions, GB-50A all versions, GB-24A all versions, G-150AD all versions, AG-150A-A all versions, AG-150A-J all versions, GB-50AD all versions, GB-50ADA-A all versions, GB-50ADA-J all versions, EB-50GU-A all versions, EB-50GU-J all versions, AE-200J all versions, AE-200A all versions, AE-200E all versions, AE-50J all versions, AE-50A all versions, AE-50E all versions, EW-50J all versions, EW-50A all versions, EW-50E all versions, TE-200A all versions, TE-50A all versions, TW-50A all versions, and CMS-RMD-J all versions allows a remote unauthenticated attacker to bypass authentication and then control the air conditioning systems illegally, or disclose information in them by exploiting this vulnerability. In addition, the attacker may tamper with firmware for them using the disclosed information.

Authentication Bypass
NVD
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

yubiserver before 0.6 is prone to SQL injection issues, potentially leading to an authentication bypass.

Authentication Bypass SQLi Ubuntu +2
NVD
EPSS 0% CVSS 5.2
MEDIUM PATCH This Month

Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. A vulnerability present in versions 0.9.10 through 0.9.16 allows a user to authenticate to a Linux host via Himmelblau using an *invalid* Linux Hello PIN, provided the host is offline. While the user gains access to the local system, Single Sign-On (SSO) fails due to the network being down and the inability to issue tokens (due to a failure to unlock the Hello key). The core issue lies in an incorrect assumption within the `acquire_token_by_hello_for_business_key` function: it was expected to return a `TPMFail` error for an invalid Hello key when offline, but instead, a preceding nonce request resulted in a `RequestFailed` error, leading the system to erroneously transition to an offline success state without validating the Hello key unlock. This impacts systems using Himmelblau for authentication when operating in an offline state with Hello PIN authentication enabled. Rocky Linux 8 (and variants) are not affected by this vulnerability. The problem is resolved in Himmelblau version 0.9.17. A workaround is available for users who cannot immediately upgrade. Disabling Hello PIN authentication by setting `enable_hello = false` in `/etc/himmelblau/himmelblau.conf` will mitigate the vulnerability.

Microsoft Authentication Bypass Suse
NVD GitHub VulDB
EPSS 0% CVSS 9.1
CRITICAL Act Now

A security vulnerability in Northern.tech Mender Server before 3.7.11 and 4.x before 4.0.1 (CVSS 9.1). Critical severity with potential for significant impact on affected systems.

Authentication Bypass
NVD
EPSS 0% CVSS 9.6
CRITICAL Act Now

Arc before 1.26.1 on Windows has a bypass issue in the site settings that allows websites (with previously granted permissions) to add new permissions when the user clicks anywhere on the website.

Microsoft Authentication Bypass Arc +1
NVD
EPSS 0% CVSS 4.2
MEDIUM PATCH This Month

Under certain conditions, an authenticated user request may execute with stale privileges following an intentional change by an authorized administrator. This issue affects MongoDB Server v5.0 version prior to 5.0.31, MongoDB Server v6.0 version prior to 6.0.24, MongoDB Server v7.0 version prior to 7.0.21 and MongoDB Server v8.0 version prior to 8.0.5.

Authentication Bypass Ubuntu Debian +1
NVD
EPSS 0% CVSS 4.8
MEDIUM PATCH This Month

Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Authentication Bypass. This issue affects Enterprise MFA - TFA for Drupal: from 0.0.0 before 4.8.0, from 5.2.0 before 5.2.1, from 0.0.0 before 5.0.*, from 0.0.0 before 5.1.*.

Authentication Bypass Miniorange 2fa Drupal
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

When a non-x86 platform is detected, cloud-init grants root access to a hardcoded url with a local IP address. To prevent this, cloud-init default configurations disable platform enumeration.

Authentication Bypass Ubuntu Debian +3
NVD GitHub
EPSS 0% CVSS 2.7
LOW PATCH Monitor

An issue has been discovered in GitLab EE affecting all versions from 16.10 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated users to assign unrelated compliance frameworks to projects by sending crafted GraphQL mutations that bypassed framework-specific permission checks.

Gitlab Authentication Bypass Ubuntu +1
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

An issue has been discovered in GitLab CE/EE affecting all versions from 17.2 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated users with Guest role permissions to add child items to incident work items by sending crafted API requests that bypassed UI-enforced role restrictions.

Gitlab Authentication Bypass Ubuntu +1
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

An issue has been discovered in GitLab CE/EE affecting all versions from 17.2 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed unauthenticated attackers to upload arbitrary files to public projects by sending crafted API requests, potentially leading to resource abuse and unauthorized content storage.

Gitlab Authentication Bypass Ubuntu +1
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

The Amazon Products to WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wcta2w_get_amazon_product_callback() function in all versions up to, and including, 1.2.7. This makes it possible for unauthenticated attackers to create new products.

WordPress Authentication Bypass Amazon Products To Woocommerce +1
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

A security vulnerability in all (CVSS 4.3). Remediation should follow standard vulnerability management procedures.

WordPress Authentication Bypass
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

The Post Carousel Slider for Elementor plugin for WordPress is vulnerable to improper authorization due to a missing capability check on the process_wbelps_promo_form() function in all versions up to, and including, 1.6.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to trigger the plugin's support-form handler to send arbitrary emails to the site's support address.

WordPress Authentication Bypass Post Carousel Slider For Elementor +1
NVD
EPSS 0% CVSS 6.3
MEDIUM POC This Month

A vulnerability was found in code-projects Car Rental System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/add_cars.php. The manipulation of the argument image leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

File Upload PHP Authentication Bypass +1
NVD GitHub VulDB
EPSS 0% CVSS 7.2
HIGH This Week

CVE-2025-6443 is an unauthenticated remote access control bypass vulnerability in Mikrotik RouterOS affecting VXLAN traffic handling. The vulnerability allows remote attackers to bypass ingress filtering and gain unauthorized access to internal network resources by exploiting improper validation of remote IP addresses in VXLAN packets. With a CVSS score of 7.2 (Network-based, Low complexity, No privileges required) and unauthenticated exploitation capability, this vulnerability presents a significant risk to exposed RouterOS deployments, particularly those utilizing VXLAN for network segmentation.

Mikrotik Authentication Bypass Routeros
NVD
EPSS 0% CVSS 7.5
HIGH This Week

CVE-2025-6678 is an unauthenticated remote information disclosure vulnerability in Autel MaxiCharger AC Wallbox Commercial charging stations affecting the Pile API endpoint. An attacker can remotely access sensitive information including credentials without requiring authentication, enabling credential theft and potential further compromise of the charging infrastructure. The vulnerability has a CVSS 7.5 severity rating reflecting high confidentiality impact, and the lack of authentication requirements makes exploitation trivial.

Information Disclosure Authentication Bypass Maxicharger Dc Compact Pedestal Firmware +8
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Pioneer DMH-WT7600NEX Root Filesystem Insufficient Verification of Data Authenticity Vulnerability. This vulnerability allows physically present attackers to bypass authentication on affected installations of Pioneer DMH-WT7600NEX devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the operating system. The issue results from the lack of properly configured protection for the root file system. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-26077.

Authentication Bypass Dmh Wt7600nex Firmware
NVD
EPSS 0% CVSS 7.5
HIGH This Week

CVE-2025-5824 is an authentication bypass vulnerability in Autel MaxiCharger AC Wallbox Commercial that allows network-adjacent attackers to bypass authentication through insufficient origin validation in Bluetooth pairing requests. The vulnerability (formerly ZDI-CAN-26353) has a CVSS score of 7.5 with high confidentiality, integrity, and availability impact; exploitation requires prior ability to pair a malicious Bluetooth device with the target system. No KEV or active exploitation data was provided in the supplied intelligence, and patch availability status is not documented in the available information.

Authentication Bypass Maxicharger Ac Elite Business C50 Firmware Maxicharger Dc Fast Firmware +7
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain limited unauthorized access. Exploitation of this issue requires user interaction.

Adobe Authentication Bypass Commerce +2
NVD GitHub
EPSS 0% CVSS 2.7
LOW PATCH Monitor

Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security measures and gain limited unauthorized access. Exploitation of this issue does not require user interaction.

Adobe Authentication Bypass
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

OpenBao versions before 2.3.0 contain an unauthenticated denial-of-service vulnerability in the root rekey and recovery rekey endpoints that allows attackers to cancel critical key management operations without authentication or audit logging. This affects organizations using OpenBao for secrets management, and the high CVSS 7.5 score reflects the availability impact, though the vulnerability requires no special privileges or user interaction to exploit.

Denial Of Service Authentication Bypass Openbao +1
NVD GitHub
EPSS 0% CVSS 8.1
HIGH PATCH This Week

CVE-2025-52890 is a network-layer security bypass in Incus 6.12 and 6.13 where improper nftables rule generation on bridge-connected ACL devices allows attackers to circumvent MAC filtering, IPv4 filtering, and IPv6 filtering security controls. This enables ARP spoofing and full VM/container impersonation on the same bridge. The vulnerability requires administrative privilege and local network access but results in high confidentiality and availability impact across the container/VM infrastructure.

Authentication Bypass Linux Privilege Escalation +1
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

A remote code execution vulnerability in Kanboard (CVSS 5.3). Remediation should follow standard vulnerability management procedures. Vendor patch is available.

Authentication Bypass Debian Kanboard
NVD GitHub
EPSS 0% CVSS 9.3
CRITICAL Act Now

The affected products could allow an unauthenticated attacker to generate forged JSON Web Tokens (JWT) to bypass authentication.

Authentication Bypass
NVD
EPSS 0% CVSS 10.0
CRITICAL Act Now

CVE-2025-20282 is a critical remote code execution vulnerability in Cisco ISE and ISE-PIC that allows unauthenticated attackers to upload arbitrary files to privileged directories and execute them as root via an internal API lacking file validation. This is a CVSS 10.0 vulnerability with complete system compromise impact; organizations running affected Cisco ISE deployments face immediate risk of total infrastructure takeover without authentication requirements or user interaction.

RCE Cisco Privilege Escalation +3
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Discourse versions prior to 3.4.6 (stable) and 3.5.0.beta8-dev (tests-passed) contain an information disclosure vulnerability where users retain visibility of their own whisper-typed posts even after losing group membership that should restrict access to whispers. This is a logic flaw in the whisper visibility enforcement mechanism (CWE-200: Information Exposure) affecting unauthenticated network access with high confidentiality impact. No public exploitation has been reported, but the issue is easily discoverable through normal platform usage.

Information Disclosure Authentication Bypass Discourse
NVD GitHub
EPSS 30% 5.9 CVSS 10.0
CRITICAL POC KEV THREAT Emergency

Cisco ISE and ISE-PIC contain a critical input injection vulnerability (CVE-2025-20281, CVSS 10.0) that allows unauthenticated remote attackers to execute arbitrary code as root on the underlying operating system. With EPSS 30.4% and KEV listing, this vulnerability targets the network access control platform that governs who and what can access the enterprise network — compromising ISE means controlling network admission for the entire organization.

RCE Cisco Privilege Escalation +3
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to bypass the authorization mechanisms for specific administrative functions. This vulnerability is due to insufficient authorization enforcement mechanisms for users created by SAML SSO integration with an external identity provider. An attacker could exploit this vulnerability by submitting a series of specific commands to an affected device. A successful exploit could allow the attacker to modify a limited number of system settings, including some that would result in a system restart. In single-node Cisco ISE deployments, devices that are not authenticated to the network will not be able to authenticate until the Cisco ISE system comes back online.

Cisco Authentication Bypass Identity Services Engine
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

CVAT is an open source interactive video and image annotation tool for computer vision. Versions 2.2.0 through 2.39.0 have no validation during the import process of a project or task backup to check that the filename specified in the query parameter refers to a TUS-uploaded file belonging to the same user. As a result, if an attacker with a CVAT account and a `user` role knows the filenames of other users' uploads, they could potentially access and steal data by creating projects or tasks using those files. This issue does not affect annotation or dataset TUS uploads, since in this case object-specific temporary directories are used. Users should upgrade to CVAT 2.40.0 or a later version to receive a patch. No known workarounds are available.

Authentication Bypass Computer Vision Annotation Tool
NVD GitHub
EPSS 48% 4.9 CVSS 9.8
CRITICAL POC THREAT Emergency

Certain devices expose serial numbers via HTTP/HTTPS/IPP and SNMP that can be used to generate the default administrator password. An unauthenticated attacker who discovers the serial number can calculate the admin password and gain full administrative control of the device without brute force.

Information Disclosure Hp Authentication Bypass
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

A remote code execution vulnerability in Loader in Google Chrome (CVSS 5.4). Remediation should follow standard vulnerability management procedures.

Google Authentication Bypass Ubuntu +3
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

ControlID iDSecure On-premises versions 4.7.48.0 and earlier contain an improper authentication vulnerability (CWE-287) that allows unauthenticated network attackers to completely bypass authentication mechanisms and gain unauthorized permissions within the application. With a CVSS 9.8 score reflecting network-accessible, low-complexity exploitation requiring no user interaction or privileges, this represents a critical remote authentication bypass affecting all confidentiality, integrity, and availability of the system. The vulnerability's presence in a widely-deployed identity and access control product makes this a high-priority threat requiring immediate patching.

Authentication Bypass Control Id Idsecure
NVD
EPSS 0% CVSS 4.2
MEDIUM This Month

A security vulnerability in Sentry 25.1.0 (CVSS 4.2). Remediation should follow standard vulnerability management procedures.

Authentication Bypass
NVD GitHub
EPSS 0% CVSS 10.0
CRITICAL PATCH Act Now

CVE-2025-4378 is a critical authentication vulnerability in Ataturk University's ATA-AOF Mobile Application that combines cleartext transmission of sensitive information with hard-coded credentials, allowing unauthenticated attackers over the network to bypass authentication and abuse user accounts. All versions before 20.06.2025 are affected with a perfect CVSS 3.1 score of 10.0, indicating maximum severity across confidentiality, integrity, and availability dimensions.

Authentication Bypass Information Disclosure
NVD
EPSS 0% CVSS 6.5
MEDIUM POC This Month

PHPGurukul Online DJ Booking Management System 2.0 is vulnerable to Insecure Direct Object Reference (IDOR) in odms/request-details.php.

PHP Authentication Bypass Online Dj Booking Management System
NVD GitHub
EPSS 0% CVSS 9.3
CRITICAL PATCH Act Now

An authentication bypass vulnerability in Art-in Bilişim Teknolojileri ve Yazılım Hizm (CVSS 9.3). Critical severity with potential for significant impact on affected systems.

Authentication Bypass Brute Force
NVD
EPSS 0% CVSS 9.6
CRITICAL Act Now

CVE-2025-32977 is a critical unauthenticated backup file upload vulnerability in Quest KACE Systems Management Appliance (SMA) that allows attackers to bypass signature validation and upload malicious backup content, potentially achieving remote code execution with system-wide impact. The vulnerability affects SMA versions 13.0.x through 14.1.x and requires only user interaction (UI:R) but no authentication (PR:N), with a CVSS 9.6 severity rating indicating high exploitability.

Authentication Bypass
NVD VulDB
EPSS 0% CVSS 8.8
HIGH This Week

CVE-2025-32976 is a security vulnerability (CVSS 8.8) that allows authenticated users. High severity vulnerability requiring prompt remediation.

Authentication Bypass Privilege Escalation
NVD VulDB
EPSS 0% 5.0 CVSS 10.0
CRITICAL POC KEV THREAT Emergency

An authentication bypass vulnerability (CVSS 10.0) that allows attackers. Risk factors: public PoC available.

Authentication Bypass
NVD VulDB
EPSS 0% CVSS 7.1
HIGH This Week

CVE-2025-27827 is an information disclosure vulnerability in Mitel MiContact Center Business legacy chat component (versions through 10.2.0.3) that allows unauthenticated attackers to access sensitive chat data and session information through improper session handling. An attacker can exploit this to read active chat messages, join chat rooms without authorization, and send messages as legitimate users, requiring only user interaction to succeed. The CVSS 7.1 score reflects high confidentiality impact with limited integrity risk, though real-world exploitability depends on whether this is actively exploited (KEV status unknown from provided data) and patch availability from Mitel.

Information Disclosure Authentication Bypass
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

When a link can be opened in an external application, Firefox for Android will, by default, prompt the user before doing so. An attacker could have bypassed this prompt, potentially exposing the user to security vulnerabilities or privacy leaks in external applications. *This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 140.

Mozilla Google Authentication Bypass
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing the URL specified in an `embed` tag. This could have bypassed website security checks that restricted which domains users were allowed to embed. This vulnerability affects Firefox < 140, Firefox ESR < 128.12, Thunderbird < 140, and Thunderbird < 128.12.

Authentication Bypass Mozilla
NVD
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

A security vulnerability in Devtools. This vulnerability affects Firefox (CVSS 9.1). Critical severity with potential for significant impact on affected systems.

Mozilla Authentication Bypass
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

CVE-2025-3091 is an authentication bypass vulnerability allowing a low-privileged remote attacker to hijack another user's account by possessing only that user's second factor (2FA), completely bypassing password authentication. This affects multi-factor authentication implementations where the second factor can be used independently to establish a session. The vulnerability has a CVSS score of 7.5 (High) with moderate attack complexity, and represents a critical weakness in MFA architecture since attackers need only compromise one authentication factor rather than all factors.

Authentication Bypass
NVD
EPSS 0% CVSS 8.2
HIGH PATCH This Week

CVE-2025-3090 is a critical authentication bypass vulnerability affecting network devices that exposes a missing authentication requirement for sensitive functions. The vulnerability allows unauthenticated remote attackers to obtain limited sensitive information and trigger denial-of-service conditions without requiring any user interaction or special privileges. If actively exploited (KEV status pending confirmation), this represents an immediate threat to exposed devices as the attack vector is network-based with low complexity.

Authentication Bypass Denial Of Service Information Disclosure
NVD
EPSS 0% CVSS 8.8
HIGH This Week

A command injection vulnerability in Connection Diagnostics page (CVSS 8.8). High severity vulnerability requiring prompt remediation.

Command Injection TP-Link RCE +1
NVD
EPSS 0% CVSS 9.6
CRITICAL POC Act Now

A privilege escalation vulnerability (CVSS 9.6) that allows an unauthenticated attacker. Risk factors: public PoC available.

Privilege Escalation Authentication Bypass RCE +3
NVD
EPSS 0% CVSS 8.1
HIGH POC This Week

CVE-2025-48466 is a security vulnerability (CVSS 8.1). Risk factors: public PoC available.

Modbus Authentication Bypass IoT +3
NVD GitHub

Quick Facts

Typical Severity
CRITICAL
Category
auth
Total CVEs
7723
